Obviously Kickstarter's not gonna release what they're using to hash. But even when LinkedIn got hacked, a technology based site you think would at least use a fucking salt, it was just a straight unsalted sha1 hash.
Hopefully they had a good hashing algorithm. I wonder how hard is it to compute even semi-usable rainbow tables for a salted sha256 password hash? The 256+ algorithms have no discovered collisions (last I read).
|