I am increasingly concerned with the possibility that the SHA1 algorithm, which is at the heart of e-commerce, may be on the verge of succumbing to the relentless march of Moore’s Law.
A very convincing calculation by Jesse Walker (shown in Bruce Schneier’s blog) estimates the cost of a single collision attack to fall below $200,000 by 2018, and below $50,000 by 2021. This simply means that a determined hacker with a strong financial motive will soon be able to launch a successful attack on 99% of all organizations that engage in online commerce.
So you know that LinkedIn was hacked and millions of passwords exposed. If you use your LinkedIn username-password combination anywhere else, go and change it everywhere.
leakedin.org provides you with the info on whether your password was exposed (you type in your password and it checks; it does not require a username), BUT do not trust leakedin.org or anyone who tells you that your password was not obtained by hackers. We only know that these people posted ~6 million passwords, but you have to assume that they have all of them.
A good long-term solution that is free and highly recommended is lastpass.com. Their add-on works great in all browsers and on mobile, is free, and any time one of your passwords is exposed you only change that one password.
By the way, what kind of tech-savvy firm keeps the password hashes unsalted on the webserver? Seriously?
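To make the unsalted-hash complaint concrete, here is an added example (not from the original post, and not LinkedIn's code) that contrasts a bare SHA1 password table with per-user salted PBKDF2 storage on a constructed set of sample accounts; the user names and passwords are made up.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample credentials for the demonstration (not real leaked data).
USERS = {"alice": "correct horse", "bob": "correct horse", "carol": "hunter2"}


def unsalted_sha1(password: str) -> str:
    """The weak scheme: a bare SHA1 of the password with no per-user salt."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted_hash(password: str, salt: Optional[bytes] = None, rounds: int = 100_000) -> str:
    """Per-user random salt plus PBKDF2-HMAC-SHA256, stored as one self-describing string."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return f"pbkdf2_sha256${rounds}${salt.hex()}${digest.hex()}"


def verify(stored: str, candidate: str) -> bool:
    """Recompute with the stored salt and rounds, then compare in constant time."""
    _, rounds, salt_hex, digest_hex = stored.split("$")
    recomputed = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), bytes.fromhex(salt_hex), int(rounds)
    )
    return hmac.compare_digest(recomputed.hex(), digest_hex)


def duplicate_hash_count(table: dict) -> int:
    """Number of repeated stored values. With unsalted hashes, users sharing a password
    are visible at a glance and one precomputed lookup unlocks all of them at once."""
    hashes = list(table.values())
    return len(hashes) - len(set(hashes))


def build_tables():
    """Return (weak_table, strong_table) for the sample users."""
    weak = {user: unsalted_sha1(pw) for user, pw in USERS.items()}
    strong = {user: salted_hash(pw) for user, pw in USERS.items()}
    return weak, strong


if __name__ == "__main__":
    weak, strong = build_tables()
    print("duplicate hashes, unsalted SHA1:", duplicate_hash_count(weak))   # alice == bob
    print("duplicate hashes, salted PBKDF2:", duplicate_hash_count(strong))  # 0
    print("alice login ok:", verify(strong["alice"], "correct horse"))
```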
For those of us who have waited for hours in line on Sina Road in Athens to buy a railroad ticket to Thessaloniki, the introduction last year by OSE (ΟΣΕ, Hellenic Railways Organization S.A., and its subsidiary Trainose) of an online reservation system must have seemed too good to be true, coming from an organization that is single-handedly responsible for a sizeable portion of Greece’s debt and still owes about 8 billion Euros to the Greek state (link to the company’s unofficial blog in Greek).