this post was submitted on 19 Jun 2025
-23 points (28.3% liked)

Technology

71949 readers
8808 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
-23
16 Billion Apple, Facebook, Google And Other Passwords Leaked — Act Now (www.forbes.com)
submitted 1 week ago by [email protected] to c/[email protected]
9 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 1 week ago (4 children)

As far as I know, the passwords aren't stored in the databases, it's the hash produced by a one-way function that is stored in the database. Grabbing these is useless.

[–] [email protected] 1 points 1 week ago (3 children)

Hashes can be brute forced, it's just normally too expensive to do so for any reasonably complex password. If you're using "password123" as your password even a hashed password is easily cracked (salting and peppering can help make this more difficult, although still not impossible).

[–] [email protected] 1 points 1 week ago (1 children)

I'm perfectly aware anything can be brute forced and that's why it doesn't worth to mention. Now, the amount of resources required to brute force a hashed password has nothing to do with the complexity of the password. No matter what the password is, the hash will have a fixed length and appear as a random sequence of bytes. Otherwise you are not doing it properly.

The complexity of the password has something to do with guessing the password from dictionary or known most common passwords.

[–] [email protected] 1 points 1 week ago* (last edited 1 week ago) (1 children)

Kind of both. The modern way of brute forcing is to just hash the 100,000 or so most common passwords, previously leaked passwords, and minor permutations of all of the above. It's computationally and space intensive, but for a determined attacker entirely doable on modern hardware. That's why complexity matters, because it's not a simple iteration through every possible permutation, but a targeted search through a known password list.

[–] [email protected] 1 points 1 week ago

That's why it's not brute force anymore.

load more comments (1 replies)
load more comments (1 replies)