Mojang Reveals How Minecraft Passwords Were Stolen

Status
Not open for further replies.

agnickolov

Distinguished
Aug 10, 2006
520
0
18,980
0
Hashing is a one-way transformation - there's no way to obtain the password from the hash alone other than guessing. Therefore it's actually more secure than encrypting and storing the password. Doing both, e.g. encrypting the hashes is obviously better than either one in isolation of course. Then there's also salting that additionally improves security by pre- or appending text before hashing and/or encryption.
 

Kelthar

Honorable
Mar 27, 2013
640
0
11,360
101
I'm pretty sure they know how to hash passwords with a salt. The communication they put out had a low level of tech involved, getting into details of how passwords were stored/checked seemed unnecessary, at least as I see it.

But I'm pretty sure Mojang knows that they're supposed to use a hash, and a unique salt for each password.
 

Christopher1

Distinguished
Aug 29, 2006
663
2
19,015
5
You could stand to read the article - it was a phishing attack.
Stupid people being duped into giving up passwords to illegitimate sites.

No pity for them.
With all due respect, phishers are getting VERY VERY good at obfuscating the fact that you are not on the actual legitimate website of the game maker.
Sure if you look at the urlbar in your browser, you might see that instead of mojang.com it is going to steal-your-password.kr but many people just click on links in e-mails and do not bother to do that.
 

canadianvice

Distinguished


Then they should be checking that. People shouldn't own what they can't use properly. The only way phishing works is because of stupid, lazy people.

 
Status
Not open for further replies.

ASK THE COMMUNITY

TRENDING THREADS