this post was submitted on 07 May 2024
509 points (94.3% liked)

Technology

59578 readers
2917 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[โ€“] barsquid@lemmy.world 0 points 6 months ago (1 children)

You're incorrect. If they salt the hash and use bcrypt it is computationally infeasible for Microsoft to match it against a customer. Or at least expensive enough that Microsoft would insist on warrants and subpoenas.

[โ€“] sudneo@lemm.ee 1 points 6 months ago

Computationally infeasible? It's as expensive if every user made a single login (if they use bcrypt for passwords).

They don't need to do it for every user, they need to do it for one only. Salting is fairly irrelevant in this context. And we are talking about resources for Microsoft, or Google, or Apple. And this is also assuming they can't further segment the customers by other metadata, such as location (in this case for example, Spanish users), which will drastically reduce the number of users to try. If every Spanish person had a user, you need 47kk hashes. Years ago single rigs pumped more than 10k bcrypt/s. That would be 1h of computation give or take? Assuming a fraction of that and not the immense computing power of big tech, it's still something completely achievable for an investigation.