MD5 encrypted pit YAHOO massive leak is a kind of tragedy


MD5 encrypted pit YAHOO massive leak is a kind of tragedy

NetEase technology news December 19th, according to Reuters reports, in the summer of 2013, YAHOO launched a new project to protect the user's password, while giving up the old poor security MD5 encryption program. Hope that through this initiative to better protect the user password security.

it's too late, it's too late. In the same year in August, hackers stole more than one billion YAHOO account information, account passwords and personal information together in the leaked list. The theft of information is so great that it is the history of the world. YAHOO was aware of this data theft after three years, and announced last week.

The timing of the

attack may seem like YAHOO's bad luck. But the shortcomings of MD5 encryption as early as ten years ago, hackers and security experts have been aware of. Compared to other uses Hashi (hashing) algorithm encryption, MD5 easier to crack.

as early as five years ago, YAHOO belatedly, namely 2008, leak alarm system by the Software Engineering Institute of Carnegie Mellon University funded by the U.S. government issued a public warning to security professionals: MD5 shall be deemed to have cracked the encryption method, is not suitable to use.

, according to five former YAHOO employees and external security experts say, YAHOO due to unilateral emphasis on business development and led to the neglect of security issues. If YAHOO in a timely manner with a stronger encryption scheme, then even if hackers hacked into the YAHOO network, the damage will be far less than the current.

Kennedy, chief executive officer of

network TrustedSec ·, said: "MD5 is thought to be out of date by 2013" (David Kennedy). Most companies have since begun to use a more secure hash algorithm." But he did not specify the name of the company.

and YAHOO until the attack is still using MD5 encryption, the final generation of the network giant for its neglect of security paid the price.

YAHOO in a statement to Reuters, said: in more than 20 years of history, YAHOO has been focused on investment in the field of security to protect our users. Since 2012, the company invested more than $250 million in the field of security."

just look at the business, despise security

however, insiders say that the statement is different. According to former employees of YAHOO's security department, said the security team, including strong encryption, including new security measures are often rejected by the high level, on the grounds that spending is too high. And the leadership seems to think that security issues are not so high priority to occupy the capital.

capsule shy from the internal point of view reflects the fierce struggle in the field of Internet banking. YAHOO's revenue and profit peaked in 2008, then fell all the way. While Google, Facebook and other consumers have gradually seize the bright younger generation Internet business.

< >

Leave a Reply

Your email address will not be published. Required fields are marked *