
The difference is that if it's salted you need to work to get a specific password. Without salting you can test a generated hash (rainbow table) against all 6.9 million hashes at the same time.

Not defending the choice - bcrypt is obviously a much better way to go.



The thing is, though, that it's trivial to slam through that set of salted passwords. It's like unsecured Wi-Fi versus WEP: "door unlocked" versus "'No Trespassing' sign."
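Both comments above describe a cost model: without salts, one hash per candidate password is compared against every leaked digest at once; with salts, the work multiplies by the number of users, but a fast hash like SHA-1 keeps each guess cheap, which is why a slow, tunable hash (bcrypt in the thread) is the real fix. The following added example is not from the thread; it counts hash operations over a constructed three-user store to make that scaling visible, and uses the standard library's PBKDF2-HMAC-SHA256 as a stand-in for bcrypt (an assumption, since bcrypt is not in the standard library; the property shown, a configurable cost per guess, is the one bcrypt provides).

```python
import hashlib
import secrets

# Constructed sample data (not from the thread): a tiny candidate list and
# three accounts. The leak under discussion had ~6.9 million entries.
CANDIDATES = ["password", "letmein", "123456", "hunter2", "qwerty"]
USERS = {"alice": "hunter2", "bob": "123456", "carol": "correct horse battery"}


def unsalted_store(users):
    """Unsalted SHA-1, as in the leak: one digest per user, no per-user randomness."""
    return {u: hashlib.sha1(p.encode()).hexdigest() for u, p in users.items()}


def salted_store(users):
    """Per-user random salt prepended before hashing; the salt is stored alongside."""
    store = {}
    for u, p in users.items():
        salt = secrets.token_bytes(16)
        store[u] = (salt, hashlib.sha1(salt + p.encode()).hexdigest())
    return store


def unsalted_guess_cost(store, candidates):
    """Hash each candidate once and look it up against every stored digest.
    Returns (hash operations performed, {user: matched candidate})."""
    table = {hashlib.sha1(c.encode()).hexdigest(): c for c in candidates}
    recovered = {u: table[d] for u, d in store.items() if d in table}
    return len(candidates), recovered


def salted_guess_cost(store, candidates):
    """With salts every candidate must be re-hashed per user, so the work is
    users x candidates rather than just candidates. Same return shape."""
    ops, recovered = 0, {}
    for u, (salt, digest) in store.items():
        for c in candidates:
            ops += 1
            if hashlib.sha1(salt + c.encode()).hexdigest() == digest:
                recovered[u] = c
    return ops, recovered


# Work-factor stand-in for bcrypt (assumption: PBKDF2-HMAC-SHA256 is used
# because it ships with Python; raising ITERATIONS raises the cost of every
# guess, which is what bcrypt's cost parameter does).
ITERATIONS = 200_000


def slow_hash(password, salt, iterations=ITERATIONS):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def slow_store_entry(password):
    """Store salt and iteration count with the digest so verification can repeat them."""
    salt = secrets.token_bytes(16)
    return (salt, ITERATIONS, slow_hash(password, salt))


def slow_verify(stored, password):
    salt, iterations, digest = stored
    # constant-time comparison so digest matching does not leak timing
    return secrets.compare_digest(slow_hash(password, salt, iterations), digest)


if __name__ == "__main__":
    ops, found = unsalted_guess_cost(unsalted_store(USERS), CANDIDATES)
    print(f"unsalted: {ops} SHA-1 calls cover every user, matched {found}")
    ops, found = salted_guess_cost(salted_store(USERS), CANDIDATES)
    print(f"salted:   {ops} SHA-1 calls cover every user, matched {found}")
    entry = slow_store_entry("hunter2")
    print("pbkdf2 verify:", slow_verify(entry, "hunter2"), slow_verify(entry, "hunter3"))
```

With three users the salted store costs 15 SHA-1 calls instead of 5; with 6.9 million users the multiplier is 6.9 million, which is the first comment's point. The second comment's point is that SHA-1 runs so fast that this multiplier is still affordable, whereas each PBKDF2 (or bcrypt) guess costs hundreds of thousands of hash iterations, and that per-guess cost is what the defender controls.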



