Passwords? There’s a technology for those

Gigi Douban Sep 23, 2016

In an FAQ posted Thursday following news of a security breach in which 500 million user accounts were compromised, Yahoo covered the basics: what sorts of information hackers stole, what to do next. And then there’s a bunch of information on the measures Yahoo takes to secure passwords. That technology can come across as gobbledygook, and that’s certainly the case on the Yahoo webpage. 

 There are different ways websites can store your password, so when you come back and enter that password again, they know it’s you. If you walked away from that FAQ wondering what the heck hashing, b-crypt and salting mean, here you go.

Hashing is a tight form of encryption. So if you have a secret conversion code — say, a=1, b=2, “You secure the data in a way that somebody can’t just steal your conversion table and suddenly reverse-engineer all the data,” Fred Cate, cybersecurity professor at Indiana University, said.

Hashing data is just a way to obscure what it says.

B-crypt is a type of hashing. Think of it as the next level of security. It basically converts the data to something random again and again. The next level is salting. “And salting,” Cate said, “is where as part of the encryption process you add other irrelevant data.” 

It’s jumbling up stuff even more, which is good for when people use common words in their passwords. The downside: “It’s computationally resource intensive is the way we would put it,” Cate said. 

In other words, this makes your computer’s head hurt, and it might take it a little longer. Cate said Yahoo wants security, but it also doesn’t want to frustrate its users by having them wait every time they sign in, adding that some users find even a few extra seconds annoying. 

But not everyone’s password gets this level of security. Yahoo said it uses bcrypt on “the vast majority” of hashed passwords. Amber Steel, product marketing manager with LastPass, a password manager, said the number of users with lower-level password protection can be big. “Now, even if only 5 or 10 percent haven’t been, I mean that’s still a huge number when you’re talking about 500 million accounts being affected,” she said. 

A Yahoo spokesperson emailed this statement: “We shared as much specificity in our press release and Tumblr as possible, including using the words b-crypt and hashed password, since those terms are important to understanding the potential effects of the theft. While these terms may be unfamiliar to some, knowing that your password was b-crypt protected and hashed informs a user that it would still require the adversary considerable expertise and resources to use it. We defined b-crypt and hashed password in our FAQ page for those who want more information.”
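
The salting, repeated hashing and mixed protection levels described above, shown as an added Python example that is not from Yahoo or the original article. PBKDF2 from the standard library stands in for bcrypt, and the record format, function names, iteration count and sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; raise it as hardware gets faster

def legacy_hash(password: str) -> str:
    # Fast and unsalted: the same password always yields the same record.
    return "legacy$" + hashlib.sha256(password.encode()).hexdigest()

def slow_hash(password: str, salt: bytes = b"", iterations: int = ITERATIONS) -> str:
    # Random per-user salt plus many rounds (PBKDF2 standing in for bcrypt).
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2${iterations}${salt.hex()}${dk.hex()}"

def verify(password: str, record: str) -> bool:
    scheme, _, rest = record.partition("$")
    try:
        if scheme == "legacy":
            candidate = legacy_hash(password)
        elif scheme == "pbkdf2":
            rounds, salt_hex, _ = rest.split("$")
            candidate = slow_hash(password, bytes.fromhex(salt_hex), int(rounds))
        else:
            return False
    except ValueError:  # malformed record
        return False
    return hmac.compare_digest(candidate, record)

def needs_upgrade(record: str) -> bool:
    scheme, _, rest = record.partition("$")
    return scheme != "pbkdf2" or int(rest.split("$")[0]) < ITERATIONS

def login(db: dict, user: str, password: str) -> bool:
    record = db.get(user)
    if record is None or not verify(password, record):
        return False
    if needs_upgrade(record):
        db[user] = slow_hash(password)  # re-hash while the plaintext is available
    return True

if __name__ == "__main__":
    # Constructed sample accounts: two users who picked the same common word.
    db = {"alice": legacy_hash("sunshine"), "bob": legacy_hash("sunshine")}
    print("legacy records identical:", db["alice"] == db["bob"])
    for user in db:
        login(db, user, "sunshine")
    print("upgraded records identical:", db["alice"] == db["bob"])
```

Accounts that never log in again keep their legacy record, which is why a minority of weakly protected passwords can persist long after a stronger scheme is adopted.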

 

 

 
