[Info-vax] OpenVMS x64 Atom project
Arne Vajhøj
arne at vajhoej.dk
Mon Jun 7 15:14:11 EDT 2021
On 6/7/2021 1:45 PM, Bill Gunshannon wrote:
> On 6/6/21 11:42 AM, Arne Vajhøj wrote:
>> It has now become public that the pipeline got hit because:
>> - a user had the same password at another site as for VPN to them
>> - that other site got compromised and the password database got stolen
>> and cracked
>> - MFA not used
>>
>> Rather trivial, but a lot of breaches are considered trivial - after
>> the fact.
>>
>
> As I have said before, the only breach we had when I was the
> administrator of the CS Department was one user account and
> that was because he used his department password for a WordPress
> account on the Web somewhere and we all know how good their
> security is.
8 printable character hash approx. equals 48 bit hash and
256 or 8192 rounds of MD5 hash.
Not good per 2021 standards. But worse has been seen in the wild.
Arne
More information about the Info-vax
mailing list