Skip to main content

Why hacked Blizzard passwords aren't as hard to crack as company says

posted onAugust 14, 2012
by l33tdawg

The silver lining in Thursday's news that hackers extracted significant user information from online gaming empire Blizzard was that passwords were protected by an encryption scheme the company said is "extremely difficult" to crack. We reported that the use of cryptographic "salts" made it "extremely unlikely" that plaintext passwords could be derived from the cryptographic hashes. Security researchers, including those at Sophos and Intego, agreed.

But other researchers warned that Blizzard's advisory overstates the case and may give users a false sense of security. The researchers noted that the Secure Remote Password protocol used to convert plaintext into cryptographic hashes is a decade-old scheme that is focused on protecting passwords as they traverse the Internet, rather than when they're "at rest"—that is, when they're stored in a database on a website server. One blogger who took the time to read the official SRP whitepaper written by the protocol author has gone so far as to request a retraction or clarification from Blizzard President Mike Morhaime.

Source

Tags

Blizzard Games Security

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th