Thread: Was Paxum.com Hacked?
View Single Post
Old 02-11-2012, 08:06 AM  
mafia_man
Confirmed User
 
mafia_man's Avatar
 
Industry Role:
Join Date: Jul 2005
Location: icq#: 639544261
Posts: 1,965
Quote:
Originally Posted by k0nr4d View Post
They store it in an md5 hash, you can see it in the cookie named 'toplabs' that they store when you login:
a:3:{s:4:"user";s:25:"[email protected]";s:4:"pass";s :44:"passwordhashhere";s:2:"no";i:13;}

What they store in the cookie is what appears to be a base64-encoded md5 hash. It appears to be salted.
MD5 has been ripped to pieces a long time ago. As a financial institution they should be using bcrypt minimum.
__________________
I'm out.
mafia_man is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote