Every now and then I see how hackers steal a DB with emails and hashed passwords of millions of users from popular websites and sell it on the black market.

I assume that the passwords were hashed with a proper unique salt for each, which makes rainbow tables useless. And in the end, a consumer only gets emails and useless hashes.

My question is, how can it be useful to anyone? The only possible reason, as far as I can see, is that they also provide the salt for each password. Is my assumption correct?

mef_
  • "consumer only gets ... useless hashes" -- you've made the leap in logic that the salted hashes are useless. – schroeder Mar 11 '20 at 07:22
  • And this might be useful for you: https://security.stackexchange.com/questions/17421/how-to-store-salt The salt is part of the password database – schroeder Mar 11 '20 at 07:23
  • It's useless for those who got the hash without salt – mef_ Mar 11 '20 at 07:24
  • "Why do people buy these databases?" -- because they are useful. "How do the buyers get around the requirement to have the salt?" -- because they have the salt. – schroeder Mar 11 '20 at 07:26
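
The point made in the comments, that the salt is stored in the password database next to each hash, shown as an added example that is not part of the original thread. The record layout, the function names, the iteration count and the sample password are assumptions made for illustration; PBKDF2-HMAC-SHA256 stands in for whatever hash a given site uses.

```python
import hashlib
import hmac
import os

# Work factor for PBKDF2 (constructed example value, not a recommendation).
ITERATIONS = 200_000


def _derive(password: str, salt: bytes) -> bytes:
    """Slow, salted hash of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password: str) -> dict:
    """Build the row a site stores: a fresh random salt and the resulting hash.

    The salt is kept in clear text in the same row, because the site needs it
    again at every login to recompute the hash.
    """
    salt = os.urandom(16)
    return {"salt": salt.hex(), "hash": _derive(password, salt).hex()}


def verify(password: str, record: dict) -> bool:
    """Check a login attempt using only what is stored in the row."""
    salt = bytes.fromhex(record["salt"])
    candidate = _derive(password, salt).hex()
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    # Constructed sample: two users who happen to pick the same password.
    users = {name: make_record("correct horse") for name in ("alice", "bob")}
    for name, row in users.items():
        print(name, row["salt"], row["hash"][:16] + "...")
    # Different salts give different hashes, so one precomputed table cannot
    # cover both rows. The salt itself is not a secret: it only forces each
    # row to be worked on separately, and the slow hash sets the cost per guess.
    print(verify("correct horse", users["alice"]))  # login succeeds
    print(verify("wrong guess", users["alice"]))    # login fails
```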

0 Answers