San Francisco/Boston/Washington — In the summer of 2013, Yahoo launched a project to better secure the passwords of its customers, abandoning the use of a discredited technology for encrypting data known as MD5. It was too late. In August of that year, hackers got hold of more than a billion Yahoo accounts, stealing the poorly encrypted passwords and other information in the biggest data breach on record. Yahoo only recently uncovered the hack and disclosed it in December. The timing of the attack might seem like bad luck, but the weakness of MD5 had been known by hackers and security experts for more than a decade. MD5 can be cracked more easily than other so-called "hashing" algorithms, which are mathematical functions that convert data into seemingly random character strings. In 2008, five years before Yahoo took action, Carnegie Mellon University’s Software Engineering Institute issued a public warning to security professionals through a US government-funded vulnerability alert ...
Would you like to comment on this article?
Sign up (it's quick and free) or sign in now.
Please read our Comment Policy before commenting.
Subscribe now to unlock this article.
Support BusinessLIVE’s award-winning journalism for R129 per month (digital access only).
There’s never been a more important time to support independent journalism in SA. Our subscription packages now offer an ad-free experience for readers.
Cancel anytime.
Questions? Email helpdesk@businesslive.co.za or call 0860 52 52 00. Got a subscription voucher? Redeem it now.