Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Voxera115856yEven if the other site uses another hashing solution often the hashing solution is not that secret, any good hashing does not need to be kept secret.
They can then, when you login use that solution to generate a hash to be matched against those hashes.
And sometimes that other site used so bad hashing that the dump is the real password in which case they can use it and hash it just as they do when you login. -
ymas4716yThere are loads of clear text dumps on the web and the dark web.
https://medium.com/4iqdelvedeep/...
With this in mind, I think cross checking is a pretty reasonable thing to do.
I *hate* passwords. -
Root826026yThere are several ways of checking that don't implicate them for storing cleartext passwords; however, their wording absolutely does.
-
yangshun2176yCorrect me if I'm wrong, but your password when sent to the server for verification is still in plain text. Can't they compare it with the dump then? That doesn't mean your password is stored in plain text.
-
I'm with @Root on this one only keep in mind that Instagram is owned by Facebook.
Facebook is integrated within the biggest mass surviellance program ever created so I doubt that they hash passwords or if they do that, don't make them available for either the nsa or law enforcement agencies at request.
First of all how the fuck you are able to tell that MY password is one of many that have been stolen? How you are able to get those stolen passwords AND WHY YOU ARE EVEN ABLE TO COMPARE THEM?! Are you storing as plain text or just randomly salt all stolen passwords and chceck if they are in your base?
Now that is an INSTAdelete.
rant