Data/Cyber/Cloud Security, Privacy, Website Security, Data Encryption, Malware/Viruses, Open Source Intelligence, Cyber Defence, Data Breaches

For the last few years I used to think LinkedIn, compared to Facebook, Twitter and the like, had better security and privacy, but maybe now I am wrong.

All the stories from the past few days talk about poor password hashing, and of course this is correct, but we should also think about how someone could pinch the password list in the first place.

SHA-1 (Secure Hash Algorithm 1) was used to secure the passwords, but SHA-1 is the lowest of the Secure Hash Algorithms (SHA-1, SHA-2 and SHA-3). You would think a professional social networking website would pick SHA-3 at least, or add salt.

Salting still uses SHA-1 (or whatever) but it adds a string of random text to the password before it is hashed. Without salting, passwords can be recovered using a dictionary file or brute force.
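
The difference salting makes can be checked on a small password table. This is an added example, not code from the original post or from LinkedIn; the user names, passwords, word list and function names are all constructed for illustration.

```python
import hashlib
import hmac
import os

def sha1_unsalted(password: str) -> str:
    """The scheme the post describes: plain SHA-1, no salt."""
    return hashlib.sha1(password.encode()).hexdigest()

def sha1_salted(password: str, salt: bytes) -> str:
    """Salting as the post describes it: still SHA-1, with random bytes mixed in."""
    return hashlib.sha1(salt + password.encode()).hexdigest()

def build_lookup(wordlist):
    """One precomputed hash -> word table, reusable against every unsalted hash."""
    return {sha1_unsalted(word): word for word in wordlist}

def exposed_accounts(stored, lookup):
    """Audit helper: accounts whose stored hash appears in the precomputed table."""
    return sorted(user for user, digest in stored.items() if digest in lookup)

def verify_salted(password: str, salt: bytes, expected: str) -> bool:
    """Login check for the salted scheme, using a constant-time comparison."""
    return hmac.compare_digest(sha1_salted(password, salt), expected)

# Constructed sample data (hypothetical users, passwords and word list).
USERS = {"alice": "linkedin", "bob": "linkedin", "carol": "T7#qv!Zr0pLm"}
WORDLIST = ["123456", "password", "linkedin"]

UNSALTED = {user: sha1_unsalted(pw) for user, pw in USERS.items()}
SALTS = {user: os.urandom(16) for user in USERS}  # one random salt per user
SALTED = {user: sha1_salted(pw, SALTS[user]) for user, pw in USERS.items()}
LOOKUP = build_lookup(WORDLIST)

if __name__ == "__main__":
    print("unsalted, in table:", exposed_accounts(UNSALTED, LOOKUP))
    print("salted, in table:  ", exposed_accounts(SALTED, LOOKUP))
    print("same password, same unsalted hash:", UNSALTED["alice"] == UNSALTED["bob"])
    print("same password, same salted hash:  ", SALTED["alice"] == SALTED["bob"])
```

A per-user salt defeats the shared precomputed table and hides which users chose the same password, but SHA-1 is still fast to compute, so a weak password can be guessed one account at a time. Password storage in practice uses a deliberately slow function such as `hashlib.pbkdf2_hmac` or `hashlib.scrypt` together with the salt.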