Quantcast
What people blaming Geohotz and the "hackers" seem to be missing...

Forums - Sony Discussion - What people blaming Geohotz and the "hackers" seem to be missing...

Is it out of the realm of possibility that the hackers could have stolen the encryption keys?



Anyone can guess. It takes no effort to throw out lots of predictions and have some of them be correct. You are not and wiser or better for having your guesses be right. Even a blind man can hit the bullseye.

Around the Network
Grimes said:

Is it out of the realm of possibility that the hackers could have stolen the encryption keys?


Hrmm. No, I suppose not. If those were easily accessible you would have seen more going after the CC info though I suspect. Rocketpig would have a better insight here than I do though. Sony certainly would have made a point of itfor the personal data however. They were pretty forth coming with which data was or wasn't encrypted.



Starcraft 2 ID: Gnizmo 229

Gnizmo said:
imaprettyhotguy said:

You said the word practically so likely you are just putting your own spin on the fact that they said their telling you to change your pass and you just assumed it's unencripted and there is nothing in it about them admiting they were unprotected and the worse PR is every article saying it's the worst breach of personal info in history when there were bigger ones which have already been linked in this thread and you already saw


The personal data table was entirely unencrypted, and thats where your password was stored. It is all there. Read the Q&A and you will see this. The passwords were unencrypted, and stolen. Thats why they are forcing everyone to reset their password. At this point the potential for liability would be too high if they didn't.

Assumption is assumption stop basing things on assumptions 



I'm just glad that I used my third password tier on PSN. If I had to go around changing my bank, credit card, and site admin passwords (first password tier) right now, I'd be really, really pissed off.




Or check out my new webcomic: http://selfcentent.com/

Grimes said:

Is it out of the realm of possibility that the hackers could have stolen the encryption keys?

If they took the encryption key, Sony wouldn't be saying the CC data should be safe. That would mean that the hacker(s) had full access to that particular database and could have jacked the card numbers without much effort.




Or check out my new webcomic: http://selfcentent.com/

Around the Network
imaprettyhotguy said:
Gnizmo said:
imaprettyhotguy said:

You said the word practically so likely you are just putting your own spin on the fact that they said their telling you to change your pass and you just assumed it's unencripted and there is nothing in it about them admiting they were unprotected and the worse PR is every article saying it's the worst breach of personal info in history when there were bigger ones which have already been linked in this thread and you already saw


The personal data table was entirely unencrypted, and thats where your password was stored. It is all there. Read the Q&A and you will see this. The passwords were unencrypted, and stolen. Thats why they are forcing everyone to reset their password. At this point the potential for liability would be too high if they didn't.

Assumption is assumption stop basing things on assumptions 

And stop talking about things you obviously do not understand.

If the passwords were encrypted (meaning they were in a different database), Sony would have said as much in the Q&A.

On top of that, creating a database specifically for passwords is an unwieldy and overly complicated solution to a problem that doesn't exist if you just encrypt that table.




Or check out my new webcomic: http://selfcentent.com/

Surprised this thread has gone this long, arguing the basics of what has happened. 



 

rocketpig said:
Grimes said:

Is it out of the realm of possibility that the hackers could have stolen the encryption keys?

If they took the encryption key, Sony wouldn't be saying the CC data should be safe. That would mean that the hacker(s) had full access to that particular database and could have jacked the card numbers without much effort.

Assuming they use the same key for CC as passwords, and the hacker never got into the part that holds CC (atleast there is no evidence)



rocketpig said:
imaprettyhotguy said:
Gnizmo said:
imaprettyhotguy said:

You said the word practically so likely you are just putting your own spin on the fact that they said their telling you to change your pass and you just assumed it's unencripted and there is nothing in it about them admiting they were unprotected and the worse PR is every article saying it's the worst breach of personal info in history when there were bigger ones which have already been linked in this thread and you already saw


The personal data table was entirely unencrypted, and thats where your password was stored. It is all there. Read the Q&A and you will see this. The passwords were unencrypted, and stolen. Thats why they are forcing everyone to reset their password. At this point the potential for liability would be too high if they didn't.

Assumption is assumption stop basing things on assumptions 

And stop talking about things you obviously do not understand.

If the passwords were encrypted (meaning they were in a different database), Sony would have said as much in the Q&A.

On top of that, creating a database specifically for passwords is an unwieldy and overly complicated solution to a problem that doesn't exist if you just encrypt that table.

You can store encrypted code on the same database as unencrypted text... you say I'm the one that doesn't understand what hes talking about lol



imaprettyhotguy said:
rocketpig said:
Grimes said:

Is it out of the realm of possibility that the hackers could have stolen the encryption keys?

If they took the encryption key, Sony wouldn't be saying the CC data should be safe. That would mean that the hacker(s) had full access to that particular database and could have jacked the card numbers without much effort.

Assuming they use the same key for CC as passwords, and the hacker never got into the part that holds CC (atleast there is no evidence)

Different database, different key.

Seriously, just stop.




Or check out my new webcomic: http://selfcentent.com/