SQL
Bjornie, 2016-11-10 22:17:57

Why didn't large resources hash passwords?

I am studying the topic of hashing passwords (methods, salt, etc.) for storage in a database. It would seem a simple rule: hash passwords so that if they end up in the wrong hands, they cannot be read immediately.
I immediately had a question and I want to ask it here: I have read in the news more than once that large sites were hacked and the passwords of millions of users were made public. The passwords were not hashed. At the same time, many of the sites were quite large.
How can this be? Why was the decision made not to hash passwords? It is a clear topic even for a beginner like me, who understands why this should be done. Can anyone explain this point?


4 answer(s)
Alexander Aksentiev, 2016-11-10
@Bjornie

Because large sites did not immediately appear with a heaped backend.
And they were built for years, and maybe decades already.
You can’t just take and throw away the old code, data, etc.
You still have to be backwards compatible.
Again, many still use hashing, but a banal enumeration will give out most of the passwords,
which in the total mass are usually 123456, etc. See the top 100 passwords from any leaked database.
Also, some protocols/software require plaintext passwords.
The simplest example: authorization on mail.ru with a mailbox from another provider.
There is no other option than to store it in the open. Same thing with other mail collectors connected to each other.
And of course, human stupidity should not be underestimated; developers do not always think / know about security.
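
Added example, not part of the answer above or of any site's real code: one way a backend with legacy rows can stay backward compatible while moving to salted, slow hashes. Plaintext rows are hashed in one batch, and unsalted fast-hash rows are upgraded at the user's next successful login. The scheme labels, the `USERS` table and the `ITERATIONS` value are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune per hardware

def hash_password(password: str) -> tuple[str, str]:
    """Return a ("pbkdf2", "iterations$salt$digest") record with a fresh salt."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return ("pbkdf2", f"{ITERATIONS}${salt.hex()}${dk.hex()}")

def verify(record: tuple[str, str], password: str) -> bool:
    """Check a password against a record of any supported scheme."""
    scheme, value = record
    if scheme == "pbkdf2":
        iters, salt, digest = value.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt), int(iters))
        return hmac.compare_digest(dk.hex(), digest)
    if scheme == "md5":  # legacy unsalted fast hash
        return hmac.compare_digest(hashlib.md5(password.encode()).hexdigest(), value)
    if scheme == "plain":  # legacy plaintext row
        return hmac.compare_digest(value.encode(), password.encode())
    return False

def needs_upgrade(record: tuple[str, str]) -> bool:
    """True for legacy schemes and for PBKDF2 rows below the current work factor."""
    scheme, value = record
    return scheme != "pbkdf2" or int(value.split("$")[0]) < ITERATIONS

def login(users: dict, name: str, password: str) -> bool:
    """Verify a login; on success, replace a legacy record with a salted one."""
    record = users.get(name)
    if record is None or not verify(record, password):
        return False
    if needs_upgrade(record):
        users[name] = hash_password(password)
    return True

def migrate_plaintext(users: dict) -> int:
    """Plaintext rows need no login: hash them all in one batch."""
    names = [n for n, (scheme, _) in users.items() if scheme == "plain"]
    for n in names:
        users[n] = hash_password(users[n][1])
    return len(names)

# Constructed sample table: one plaintext row, one unsalted-MD5 row.
USERS = {"alice": ("plain", "123456"),
         "bob": ("md5", hashlib.md5(b"hunter2").hexdigest())}
```

Until a legacy MD5 row is upgraded it remains as weak as before, so accounts that never log in again need a forced reset or a wrapped hash.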

Karmashkin, 2016-11-11
@Karmashkin

Possible scenario:
we're shit-coded and trying to take off by accumulating "technical debt" in the form of a safety net, and when the site becomes large, the debt remains unpaid.
Did not have time, forgot, postponed, did not allocate resources for this, and the debt remained.

TyzhSysAdmin, 2016-11-10
@POS_troi

A strange question, and even more so at the wrong address :)
Ask those resources about it, then tell us.
In general, here, as always: "Well, somehow it happened like that."
