
Mozilla accidentally posts usernames and password hashes - zoowar
http://www.tgdaily.com/security-features/53267-mozilla-accidentally-posts-usernames-and-password-hashes?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+tgdaily_all_sections+%28TG+Daily+-+All+News%29
======
Xk
_newly created passwords remain invulnerable to a similar disclosure, as they
employ SHA-512 with per-user salts to store hashes._

I don't know how long it will take for people to figure this out. SHA-512 with
a salt is _not_ the right way to store passwords. Yes, it's better by leaps
and bounds than storing the plaintext. Yes, it's better than crypt(3) as
Gawker used. But come on, just use bcrypt already.

And the fact that they call SHA-512 with salts "invulnerable" ... I don't
even know what to say to that.

~~~
csytan
I don't think a developer working at Mozilla would be so careless that they
would use "invulnerable" to describe their security. Seems like it was an
interpretation by the tgdaily author.

Here's a link to the original blog post:
[http://blog.mozilla.com/security/2010/12/27/addons-mozilla-o...](http://blog.mozilla.com/security/2010/12/27/addons-mozilla-org-disclosure/)

~~~
Xk
Yeah, my "they" was really unclear. I'm sure that no developer in his or her
right mind would ever call anything "invulnerable." That's just asking for it.

I guess it makes sense that the media would call something like that
invulnerable though, they don't know anything about it anyways.

------
tptacek
Does the problem with posting these hashes have _anything_ to do with
"cryptographic weaknesses in MD5", or does Sophos' security expert simply have
no idea what he's commenting to the trade press about?

~~~
JonnieCache
It has a lot to do with the weakness of MD5. You can compute the MD5 hash of
every 6 character lowercase string in seconds on a modern laptop. There are
also vast rainbow tables available. However Mozilla have disabled all the
accounts that used MD5 anyway. Unfortunately this does not prevent the real
risk, which is to people who reuse their password elsewhere.

Still, other hash functions such as the SHA512 they are currently using are
also wildly inappropriate, as explained in the following excellent post:
<http://codahale.com/how-to-safely-store-a-password/>

~~~
tptacek
Speed isn't a hash function weakness. Collision susceptibility is, but that
doesn't really help you crack passwords.
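
The trade-off discussed in this thread, as an added example that is not part of the original posts: a per-user salt makes equal passwords hash differently, but a single SHA-512 pass still costs almost nothing per guess, while a key-stretching function multiplies that cost. bcrypt is not in Python's standard library, so PBKDF2-HMAC-SHA512 stands in for it here; the iteration count and the sample passwords are assumptions.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 100_000  # assumed work factor for this example; tune to your hardware


def salted_sha512(password: str, salt: bytes) -> bytes:
    """One salted SHA-512 pass: the scheme the thread criticises."""
    return hashlib.sha512(salt + password.encode()).digest()


def stretched(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA512: same salt, but each guess costs `iterations` HMACs."""
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations)


def verify(scheme, password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute the hash and compare it in constant time."""
    return hmac.compare_digest(scheme(password, salt), stored)


def seconds_per_hash(scheme, rounds: int) -> float:
    """Average wall-clock cost of one hash computation."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(rounds):
        scheme(f"candidate{i}", salt)
    return (time.perf_counter() - start) / rounds


def cost_ratio() -> float:
    """How many times costlier one stretched guess is than one salted SHA-512 guess."""
    return seconds_per_hash(stretched, 3) / seconds_per_hash(salted_sha512, 5000)


if __name__ == "__main__":
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    # Per-user salts: identical passwords yield unrelated hashes, so
    # precomputed tables do not apply, but each guess is still one cheap hash.
    print(salted_sha512("hunter2", salt_a) != salted_sha512("hunter2", salt_b))
    print(f"stretched / salted cost per guess: {cost_ratio():,.0f}x")
```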

