Programming Errors Weaken bcrypt Hashes of Ashley Madison Passwords
Ashley Madison encrypted users’ passwords using the bcrypt function. It’s a secure password-encryption function, but two implementation programming mistakes allow millions of passwords to be easily decrypted. Ars Technica explains the problems.
ramriot • September 14, 2015 6:46 AM
Like all security mistakes, when you see it there is a real-world DOH! moment. Gotta go now and change the userToken class in all my security products. Doh!