How does password authentication work on web sites?
I recently read an article about the Ashley Madison hack. For those of you who aren’t into cheating on your spouse, Ashley Madison is a web site where you can sign up and meet up with other lovely people in order to have an affair.
Anyway, they were recently hacked. More than 11 million passwords were obtained, and the reason why made me fall off my chair.
In short, the users’ usernames + passwords were stored in the site’s database as an MD5 hash, alongside a BCrypt hash of the user’s password.
Well, what does all this mean to you?