Security News > 2022 > August > S3 Ep95: Slack leak, Github onslaught, and post-quantum crypto [Audio + Text]

S3 Ep95: Slack leak, Github onslaught, and post-quantum crypto [Audio + Text]
2022-08-11 18:34

If we turn back the clock to five years ago, that's when Slack started leaking hashed passwords.

If you're a Slack user, I would assume that if they didn't realise they were leaking hashed passwords for five years, maybe they didn't quite enumerate the list of people affected completely either.

If you are Slack or company like it, choose a reputable salt-hash-and-stretch algorithm when handling passwords yourself.

The idea of a quantum computer, assuming a powerful and reliable enough one could be built, is that certain types of algorithms could be sped up over the state of the art today, either to the tune of the square root or even worse, the *logarithm* of the scale of the problem today.

Just in case these quantum computing devices do become feasible in the next few years, maybe we should start preparing now for encryption algorithms that are not vulnerable to these two particular classes of attack?

Anyway, NIST, the National Institute of Standards and Technology in the USA, has for several years been running a competition to try and standardise some public, unpatented, well-scrutinised algorithms that will be resistant to these magical quantum computers, if ever they show up.


News URL

https://nakedsecurity.sophos.com/2022/08/11/s3-ep95-slack-leak-github-onslaught-and-post-quantum-crypto-audio-text/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Github 12 3 42 30 15 90