Articles I've written

Cracking passwords from the Mall.cz dump
January 2, 2018

You don't crack passwords using rainbow tables or brute-force attacks anymore. So this probably wasn't a plaintext leak; somebody has cracked 750k passwords and uploaded them online. I've tried cracking them too.

(read more…)

Upgrading existing password hashes
September 5, 2017 (updated March 20, 2024)

Still using MD5 or SHA-1 to store user passwords and want to gracefully migrate to e.g. bcrypt? Want to do it properly to protect all passwords in the database? Here's how.

(read more…)

All articles