Image: Dr. Cloud/Shutterstock
Advertisement
Encryption, where data is protected with a digital lock and key (or a two-way function, in security speak), is not an effective way to protect passwords when compared to hashing (a one-way function that turns the password into garbled nonsense with no key to turn it back). Thorsheim told me he was concerned to hear eBay say it was using regular encryption, rather than hashing, as in the case of Adobe, which was hacked last year and was criticised for using weak encryption methods.“If you’re storing the password in a really good way, with a hash, I don’t have to get off my plane to change my password. But if it’s just encrypted I have to."
Advertisement