Giovanni Bajo wrote: > Il giorno 11/feb/2013, alle ore 13:25, Jesse Noller <[email protected]> ha > scritto: > >> Actually I was thinking about this in the shower: the likelihood that pypi >> users used the same passwords as they did on the wiki is probably much >> higher than any of us assume. > > Given that the passwords were unsalted in both instances, a set intersection > is enough to verify.
The moin wiki passwords were salted. The reason we reset the passwords, was that the attackers had access to both the salt and the hashes. -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source >>> Python/Zope Consulting and Support ... http://www.egenix.com/ >>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/ >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ ________________________________________________________________________ ::: Try our new mxODBC.Connect Python Database Interface for free ! :::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
