![]() Storing passwords as straight MD5 hashes is better than using plaintext, but not a whole lot better. Stretching is applying the hashing function repeatedly in a loop, to make each password guess take longer, thus slowing down password guessing attacks. Salts are random characters added to each password before it’s hashed, so that even if two users pick the same password, they end up with a different hash, so they stand or fall alone. What’s worse is that it sounds as though the stored password items were just the straight MD5 hashes of each raw password, without any salting or stretching. ![]() Unfortunately, the company is in the news for all the wrong reasons at the moment, following a Reddit posting entitled Massive Data Breach by a security researcher calling himself FoundTheStuff.įorbes identified the researcher as Chris Vickery, and says that he was able to access a MacKeeper company database of more than 13,000,000 customer records, apparently including names, email addresses, usernames, password hashes, phone numbers, IP addresses, system information and more. With slogans such as “Clean your Mac”, “100% performance boost” and “Increase security level”, the company’s aggressive advertising pitches its utilities as a personal technical assistant that helps with anti-virus protection, data encryption, junk file cleanup and performance optimisation. (Pop-unders are those annoying windows that are left behind when you close or move your main browser window.) If you do have a Mac, you’ve probably seen the company’s promotional material, whether as clickable ads in third-party websites, or as popup warnings, or as pop-under dialogs. Even if you don’t have a Mac, you’ve probably heard of MacKeeper. ![]()
0 Comments
Leave a Reply. |