Quote:
Originally Posted by ruff
A whole lot of drama for exactly what now? This is the kind of crap you get when you have so many surfers in a webmaster forum.
|
On the contrary actually.
Crack has stated that they know how long the passwords are (which means they either are storing passwords as plain text in their database, or they have a database schema with a huge security hole). Either way it means their form of password storage is compromised.
They've also now said they have a "de-cryption" method which is complete horse shit. If they're storing passwords with a hash method there's no way to de-crypt them. You can figure out what a password is from the hashed version - but it isn't de-cryption - it's a dedicated "guessing machine" that runs the billions of combinations through the hash function until it finds the match. That's not something they'd have the capacity for.