>> In July 2012, nearly 443,000 email addresses and passwords for a Yahoo site were exposed.Yahoo stored its contributor network user names and passwords in plain text.Because people reuse passwords on many different sites,these compromised plain text passwords attached to an email addressin the breach were now at risk in many locations.This included really strong passwords, like a 31-character password, that was in the dump.In September 2016, Yahoo announced a breach of 500 million users.In December 2016, Yahoo announced that hackers stole details from over a billion user accounts,including names, addresses, phone numbers,and weekly hashed passwords, in attacks that started in 2013.This is, in fact, the largest data breach currently on record.In this case, Yahoo was slammed for using the MD5 has functionwhich had been broken two decades earlier.6.5 million LinkedIn password hashes were leaked in June 2012, linked and also usedin insecure hash function SHA-1, which is a step up from MD5, but LinkedIn failed to use salt,which made the use of SHA-1 a moot point since rainbow tables were ableto derive the plain text passwords.
转载于:https://www.cnblogs.com/sec875/articles/10015935.html
相关资源:JAVA上百实例源码以及开源项目