
KBA 135412 Hashing Algorithm???

The KBA says if you were attacked, the passwords were hashed. Don't suppose anybody knows how they were hashed or if Sophos will share that data with us? Were they salted? MD5 (I hope not but I'd bet it is)? Something better like SHA1?

 

I'm going to see if anybody has any PoC attacks written about this online where we can see the exfiltrated data.



  • I would also be interested in this.  I also have concerns about the saved credentials for the LDAP account stored for AD authentication. I'm assuming it was stored in the DB but how it's hashed is anyone's guess.  Some more transparency out of Sophos would be helpful.
