@jubes Another reason to #boycott #Amazon: 100 million debit/credit card users leaked from Amazon's credit card processor (who foolishly used AWS to store the data):

**Marcus** @gerowen@mastodon.social · Jan 07, 2021, 06:02

**Marcus** @gerowen@mastodon.social · Jan 07, 2021, 06:02

Jan 07, 2021, 06:02

Marcus @gerowen@mastodon.social

@resist1984 @jubes According to the article most of the actual card info was hashed; here's hoping they didn't use MD5 or something...

**resist1984** @resist1984@social.privacytools.io · Jan 07, 2021, 06:10

**resist1984** @resist1984@social.privacytools.io · Jan 07, 2021, 06:10

Jan 07, 2021, 06:10

resist1984 @resist1984@social.privacytools.io

@gerowen @jubes i guess the critical question is how much of it was hashed. If just 4 digits were hashed, it would be trivial to hash and compare 10,000 combinations.

**resist1984** @resist1984@social.privacytools.io · 2021-01-07T06:21:50Z

resist1984 @resist1984@social.privacytools.io

@jubes @gerowen i'm assuming all hashes are designed to be fast and simple to compute.. at least, I've not heard of hashes that are deliberately computationally slow.

Jan 07, 2021, 06:21 · · · ·

**Neal Walfield** @nwalfield@mastodon.social · Jan 07, 2021, 07:03

**Neal Walfield** @nwalfield@mastodon.social · Jan 07, 2021, 07:03

Jan 07, 2021, 07:03

Neal Walfield @nwalfield@mastodon.social

@resist1984 @jubes @gerowen bcrypt, for instance, is designed to be slow ("bcrypt is an adaptive function: over time, the iteration count can be increased to make it slower", https://en.m.wikipedia.org/wiki/Bcrypt ). So are proof of work functions.

Resources

Developers

What is Mastodon?

social.privacytools.io

More…