For the last few years I used to think LinkedIn, compared to Facebook, Twitter and the like, had better security and privacy, but maybe now I am wrong.
All the stories from the past few days talk about poor password hashing, and of course this is correct, but we should also think about how someone could pinch the password list in the first place.
SHA-1 (Secure Hash Algorithm 1) was used to secure the passwords, but SHA-1 is the lowest of the Secure Hash Algorithms (1, 2, and 3). You would think a professional social networking website would pick SHA-3 at least, or add salt.
Salting still uses SHA-1 (or whatever) but it adds a string of random text. Without salting, passwords can be recovered using a dictionary file or brute force.
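The difference salting makes, as an added example that is not part of the original post: it stores the same accounts with plain SHA-1 and with a random per-user salt, then checks which stored digests match a table hashed once from a dictionary. The accounts, the word list and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: three accounts, two of them sharing a password.
ACCOUNTS = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "correct horse"}
# Constructed stand-in for a dictionary file.
WORDLIST = ["password", "123456", "linkedin2012", "letmein"]


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


def store_unsalted(accounts):
    """user -> SHA-1(password): plain hashing with no salt."""
    return {user: sha1_hex(pw.encode()) for user, pw in accounts.items()}


def store_salted(accounts, salt_len=16):
    """user -> (random per-user salt, SHA-1(salt || password))."""
    records = {}
    for user, pw in accounts.items():
        salt = os.urandom(salt_len)  # the "string of random text"
        records[user] = (salt, sha1_hex(salt + pw.encode()))
    return records


def verify_salted(record, candidate: str) -> bool:
    """Login check: re-hash the candidate with the stored salt."""
    salt, digest = record
    return hmac.compare_digest(digest, sha1_hex(salt + candidate.encode()))


def precomputed_matches(digests, wordlist):
    """Users whose stored digest appears in a table hashed once from the wordlist."""
    table = {sha1_hex(word.encode()) for word in wordlist}
    return sorted(user for user, digest in digests.items() if digest in table)


def duplicate_digests(digests):
    """How many stored digests repeat one already held by another account."""
    values = list(digests.values())
    return len(values) - len(set(values))
```

With the salt in place, one precomputed table no longer covers every account, and identical passwords no longer share a digest; each guess has to be hashed again per record.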
LinkedIn; password hashing enough?
