Timeline for Why is SHA1 considered less secure than often necessary?
Current License: CC BY-SA 3.0
4 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Jun 16, 2020 at 9:49 | history | edited | CommunityBot | Commonmark migration | |
| Oct 19, 2016 at 10:31 | comment | added | A. Darwin | @Matthew of course, but there are attackers who simply sell passwords on the market, which are bought by other people who do what you're talking about (checking the password list for reuse in other websites,...). Think about it as some kind of "cracking-as-a-service". There are groups that do both, but that may take a bit of time if they don't restrict themselves to Gmail-Facebook-Twitter. As such, I wanted to show the ROI for attackers who simply crack passwords, which exist. | |
| Oct 19, 2016 at 9:55 | comment | added | Matthew | The passwords themselves don't have much value, but in combination with the user information from a site such as Linkedin, they can allow for a lot of attacks - people often use the same passwords on multiple sites, so an attacker can take over a more valuable account belonging to the same user (e.g. shopping accounts, banking...) | |
| Oct 19, 2016 at 9:41 | history | answered | A. Darwin | CC BY-SA 3.0 |