LinkedIn and eHarmony Lesson: Salt or Die
Adding random bits to each password before feeding it to a one-way hash function would most certainly have prevented the LinkedIn and eHarmony password fiasco last week. If this sounds complicated and expensive, it isn’t; I explained it right here on Techblog last year. It’s called “salting,” it’s been around for decades, and it’s practically free from the standpoint of both implementation and performance.
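As an added illustration (not code from the original post), here is the salting step in Python with a constructed pair of users who happened to choose the same password: the unsalted digests collide, the salted ones do not, and a per-user salt is stored beside the digest for verification. The salt length and PBKDF2 iteration count are my assumptions, not figures from the post.

```python
import hashlib
import hmac
import os

# Constructed sample data: two users who picked the same password.
USERS = {"alice": "correcthorse", "bob": "correcthorse"}

ITERATIONS = 200_000  # assumed work factor, not from the post


def unsalted_hash(password: str) -> str:
    """One-way hash with no salt: identical passwords give identical digests,
    so one precomputed or cracked digest unmasks every account sharing it."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_salted_record(password: str) -> tuple[bytes, bytes]:
    """Draw 16 random salt bytes (assumed length) and hash password+salt with
    PBKDF2-HMAC-SHA256. The salt is stored in the clear next to the digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt; constant-time compare avoids leaking
    how many digest bytes matched."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def accounts_per_digest(digests: dict) -> int:
    """Largest group of accounts sharing one digest (1 means no collisions)."""
    counts = {}
    for d in digests.values():
        counts[d] = counts.get(d, 0) + 1
    return max(counts.values())


def demo():
    # Unsalted: alice and bob end up with the same digest in the table.
    plain = {u: unsalted_hash(p) for u, p in USERS.items()}
    # Salted: each record carries its own salt, so the digests differ.
    salted = {u: make_salted_record(p) for u, p in USERS.items()}
    return plain, salted


if __name__ == "__main__":
    plain, salted = demo()
    print("unsalted collisions:", accounts_per_digest(plain))
    print("salted collisions:", accounts_per_digest({u: r[1] for u, r in salted.items()}))
```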
If salting passwords improves security, doesn’t degrade performance, and is very inexpensive to implement, then why didn’t LinkedIn and eHarmony do it?
As one of the 6.5 million people whose password was exposed, I would love to know.