Oh how I long for the days of hackers simply cracking password hashes. Defending against that technique required only three steps: First, protect your password hashes from being stolen. Second, use strong password hashes. Third, make your passwords long enough to prevent easy cracking.
These days, cracking password hashes is pass�. Today's hackers are all about pass-the-hash (PTH) attacks. With PTH attacks, the bad guys steal the hashes -- either from the password-hash-storage databases or from memory -- and reuse them to create brand-new authenticated sessions.
No comments:
Post a Comment