[Catalog-sig] Pull request to migrate PyPI to bcrypt

M.-A. Lemburg mal at egenix.com
Mon Feb 11 14:15:14 CET 2013


Giovanni Bajo wrote:
> On 11 Feb 2013, at 13:25, Jesse Noller <jnoller at gmail.com> wrote:
> 
>> Actually I was thinking about this in the shower: the likelihood that pypi users used the same passwords as they did on the wiki is probably much higher than any of us assume.
> 
> Given that the passwords were unsalted in both instances, a set intersection is enough to verify.

The moin wiki passwords were salted.

The reason we reset the passwords was that the attackers had
access to both the salt and the hashes.

-- 
Marc-Andre Lemburg
eGenix.com
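
An added illustration, not part of the original message and not PyPI or MoinMoin code, of the point in the exchange above: intersecting two hash tables reveals shared passwords only when the hashes are unsalted, while anyone holding both salt and hash can still check a candidate password offline. SHA-1, the salt layout and the sample accounts are assumptions made for this example.

```python
import hashlib
import os

def unsalted(password: str) -> str:
    """Unsalted digest: equal passwords give equal hashes on every site."""
    return hashlib.sha1(password.encode()).hexdigest()

def salted(password: str, salt: bytes) -> str:
    """Salted digest: the per-account salt is mixed in before hashing."""
    return hashlib.sha1(salt + password.encode()).hexdigest()

def shared_hashes(db_a: dict, db_b: dict) -> set:
    """Set intersection over the stored hash values of two account tables."""
    return set(db_a.values()) & set(db_b.values())

def matches(password: str, salt: bytes, stored: str) -> bool:
    """Recompute a salted hash; possible for anyone holding salt and hash."""
    return salted(password, salt) == stored

# Constructed sample accounts; "alice" reuses one password on both services.
SITE_A = {"alice": "correct horse", "bob": "tr0ub4dor"}
SITE_B = {"alice": "correct horse", "carol": "hunter2"}

def build_unsalted(accounts: dict) -> dict:
    return {user: unsalted(pw) for user, pw in accounts.items()}

def build_salted(accounts: dict) -> dict:
    # Returns user -> (salt, hash); every account gets its own random salt.
    table = {}
    for user, pw in accounts.items():
        salt = os.urandom(16)
        table[user] = (salt, salted(pw, salt))
    return table

def demo():
    plain_a, plain_b = build_unsalted(SITE_A), build_unsalted(SITE_B)
    salt_a, salt_b = build_salted(SITE_A), build_salted(SITE_B)
    reuse_unsalted = shared_hashes(plain_a, plain_b)   # one shared hash
    reuse_salted = shared_hashes(                      # nothing in common
        {u: h for u, (_, h) in salt_a.items()},
        {u: h for u, (_, h) in salt_b.items()},
    )
    salt, stored = salt_b["alice"]
    return reuse_unsalted, reuse_salted, matches("correct horse", salt, stored)

if __name__ == "__main__":
    print(demo())
```

The salted tables share no hash values even though one password is reused, yet the stored salt still allows the reused password to be confirmed, which is why a reset is needed once both salt and hash are exposed.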