Gnizmo said:
fordy said:

It takes a great deal of complexity to brute-force decrypt a digested password hash. This is why they're used. Even if taken, they're still pretty useless, so they wouldn't be kicking up a fuss that they were stolen. You really should research the use before trying to argue your stance on it.

Secondly, I stated quite clearly that it MAY be a rumour, but if it is indeed true, then it is a major oversight.

Even one of these points is more than enough to conclude that Sony did have major neglect towards adopting a security policy that is dangerous. If it was so effective, why wouldn't anyone else adopt the same policy?


Also, by the time you decrypt the password it is probably useless. Getting the data is one thing, but getting it undetected is virtually impossible. By the time you crack it, the user has had a lot of time to simply change the password, rendering all the work null and void. Of course, when there is a week-long gap between the incident and informing the users, that is less true.

Also, plenty of people store their password as a combination of numerals and letters (not complete words), so they're only taking a stab in the dark at which would be the right one (out of a combination of thousands of trillions), as opposed to copy/paste of a text-stored password.