Backup of David's Google+ Posts

Home

Navigation Tips

Swipe left and right
or use navigation keys


David Blume
Sep 21, 2012
For Microsoft's new policy to work with existing passwords, Microsoft must have been doing one of the following:

* store full plaintext passwords in their db; compare the first 16 chars only 
* calculate the hash only on the first 16 (or fewer); ignore the rest

So, which of the two is more horrifying?  Read the article.

Hotmail: Your password was too long, so we fixed it for you

Comments

David Blume on Sep 22, 2012
I won't say anything about Gawker's hashing the first, what was it, 8 characters of our passwords?  That was pre-December 2010.  Glad they've changed things.  (Yes, I did some experimenting after the leak, so this is first-hand knowledge.)

© 2019 David Blume