Good to know, thanks for the info. Sounds like your security practices are solid, that's great.
I think your follow-ups are surprisingly fast and useful, no need to be sorry. Dropbox recently somewhat said they were hacked without any real useful info and it actually happened 4 years ago.
THE HACKERS HAVE TAKEN CONTROL. I REPEAT. :^)
Janitsu wrote:
Why is Matt no longer admin? Why is he user???
********'s a pretty good fertilizer
We do not actually store your passwords. When you set your password, before we do anything we immediately apply what is called a salt to it, then we hash that using a strong algorithm, but we repeat it many, many times over; this is called stretching. The salt is to counter dictionary attacks, because you'd need to generate a new dictionary to account for the salt and every single one of you has a unique random salt on your password. The stretching also makes dictionary attacks exponentially slower by requiring hashes to be run many times over for each attempt.
Say you're an attacker and you got a hold of someone's hashed password. You need to rehash every single password in your dictionary to include the unique salt for that password. If you have to run a complex hash on tens or hundreds of thousands of potential passwords to account for that salt, that's gonna take time. If you then also have to run that hash dozens of times for each and every possible password, it's going to take exponentially longer, even just for one password.
Hope that makes sense. Even if someone did somehow see your hashed password, it would be pretty useless to them.
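
An added example, not part of the original post or the site's own code: the salt-then-stretch storage scheme described above, sketched with PBKDF2-HMAC-SHA256. The algorithm, iteration count, and function names are assumptions, since the post does not name them.

```python
import hashlib
import hmac
import secrets

# Assumed parameters: the post does not say which algorithm or counts are used.
ALGO = "sha256"
ITERATIONS = 200_000  # stretching: how many times the hash is repeated
SALT_BYTES = 16


def hash_password(password: str, iterations: int = ITERATIONS) -> dict:
    """Build the record that gets stored: salt, iteration count, hash. Never the password."""
    salt = secrets.token_bytes(SALT_BYTES)  # unique random salt per user
    digest = hashlib.pbkdf2_hmac(ALGO, password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}


def verify_password(password: str, record: dict) -> bool:
    """Recompute with the stored salt and count, then compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        ALGO, password.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["hash"])


def table_for_salt(wordlist: list, salt: bytes, iterations: int) -> dict:
    """A dictionary of hashes is only valid for the one salt it was computed with.

    Building it costs len(wordlist) * iterations hash rounds, per salt.
    """
    return {
        hashlib.pbkdf2_hmac(ALGO, w.encode("utf-8"), salt, iterations): w
        for w in wordlist
    }


if __name__ == "__main__":
    # Constructed sample data: two users who happen to pick the same password.
    alice = hash_password("correct horse")
    bob = hash_password("correct horse")
    print("same password, same hash?", alice["hash"] == bob["hash"])
    print("login ok:", verify_password("correct horse", alice))
    print("wrong password rejected:", not verify_password("battery staple", alice))

    # A table computed under alice's salt says nothing about bob's record.
    table = table_for_salt(["123456", "correct horse"], alice["salt"], ITERATIONS)
    print("table matches alice:", alice["hash"] in table)
    print("table matches bob:", bob["hash"] in table)
```
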