Ebay pretends to do password hashing. So why are they limiting passwords to 20 characters?
-
-
Replying to @jedisct1
@jedisct1@matthew_d_green The hash function they use has an output space of 20 chars and they don't want collisions?#YoloSecurity3 replies 0 retweets 3 likes -
Replying to @FredericJacobs
@FredericJacobs@jedisct1 In all seriousness, restrictions like that makes me think they're using AES or something.1 reply 0 retweets 0 likes -
Replying to @matthew_d_green
@matthew_d_green@jedisct1@veorq Press release says passwords are encrypted, not hashed https://www.paypal-community.com/t5/PayPal-Forward/eBay-To-Ask-Users-to-Change-Their-Passwords-No-Evidence-PayPal/ba-p/815612 …1 reply 0 retweets 1 like -
Replying to @FredericJacobs
@FredericJacobs@jedisct1@veorq Yeah but that just means an idiot wrote the press release.1 reply 0 retweets 4 likes -
Replying to @matthew_d_green
@matthew_d_green@FredericJacobs@jedisct1@veorq "encrypted" is a perfectly legitimate way of describing "one-way encrypted" passwords2 replies 0 retweets 0 likes -
Replying to @ErrataRob
@ErrataRob “encrypted” doesn’t really apply when multiple input values can produce the same output.1 reply 0 retweets 0 likes -
Replying to @ErrataRob
@ErrataRob Wikipedia: “encryption is the process of encoding messages in such a way that only authorized parties can __read__ it”1 reply 0 retweets 0 likes
@ErrataRob Any person can compute the hash of a known message. So what?
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.