
“All they said here is that the passwords are hashed and with a reasonably secure method -- bcrypt”

The “majority” of the passwords was hashed with bcrypt. https://content.myfitnesspal.com/security-information/FAQ.ht...: “The MyFitnessPal account information that was not protected using bcrypt was protected with SHA-1, a 160-bit hashing function.”

That majority could be as low as 50.0000001%. I also couldn’t find how many accounts were affected. I guess they don’t know, so we must assume all of them.




They probably do know, and practically speaking I would guess that those accounts using an older hash are those which nobody has logged into since they switched to bcrypt. Yeah, we don’t know for certain, but it’s a reasonable assumption.


> That majority could be as low as 50.0000001%

It could only be that low if they have about half a billion user accounts.



