Lex-2008 | 1 year ago

From the article:

> Servers store passwords in the form of hashes, so even if a hacker steals the database, they see the hashes, not the actual password.

So as I understand it, the article assumes that someone hacked a website where you had an account, and wants to get your password (for the hacked website), in order to try using the same (username and) password to get access to your account on other websites.

Or, as other comments mentioned, they might intercept wifi authentication packets (which contain a hash of the wifi password), and try to get the wifi password from it.

atmanactive|1 year ago

Ah yes, thanks for the clarification. So, two mishaps are needed for this to work: a site needs to be hacked and the user database stolen, and a person needs to use the same user/password for all sites. Takeaway: never use the same password twice. Got it.

matthewmacleod|1 year ago

AND that site has to be using unsalted MD5 password hashes, in which case you were already doomed
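
Added example, not part of the thread or the linked article: a sketch of the server-side storage the comments refer to, showing the unsalted MD5 scheme beside a salted, slow hash, and what each stored table reveals about accounts that share a password. The function names, the sample accounts, and the choice of PBKDF2-HMAC-SHA256 with 600,000 iterations are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example

def md5_unsalted(password):
    """The weak scheme named in the thread: one fast hash, no salt."""
    return hashlib.md5(password.encode()).hexdigest()

def hash_password(password, salt=None):
    """Salted, deliberately slow hash; returns (salt, digest)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                 PBKDF2_ITERATIONS)
    return salt, digest

def verify_password(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def shared_hash_groups(stored):
    """Group users whose stored value is identical in a given table."""
    groups = defaultdict(list)
    for user, value in stored.items():
        groups[value].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)

# Constructed sample accounts: alice and bob chose the same password.
ACCOUNTS = {"alice": "correct horse", "bob": "correct horse",
            "carol": "battery staple"}

def build_tables():
    """Store the same accounts under both schemes."""
    unsalted = {u: md5_unsalted(p) for u, p in ACCOUNTS.items()}
    salted = {u: hash_password(p) for u, p in ACCOUNTS.items()}
    return unsalted, salted

if __name__ == "__main__":
    unsalted, salted = build_tables()
    print("unsalted MD5, users sharing a hash:", shared_hash_groups(unsalted))
    print("salted PBKDF2, users sharing a hash:", shared_hash_groups(salted))
    salt, digest = salted["alice"]
    print("alice login ok:", verify_password("correct horse", salt, digest))
```

With a per-user random salt, two accounts with the same password no longer store the same value, so a hash computed once cannot be matched against every row of the table.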