Hash chaining degrades security at Facebook
By: Thomas Rivasseau
Potential Business Impact:
Finds a way to break Facebook's password safety.
Modern web and digital applications rely on password hashing to store passwords securely. Ad hoc upgrades of password storage to keep up with hash algorithm norms may be used to save costs but can introduce unforeseen vulnerabilities. This is the case in the password storage scheme used by Meta Platforms, which serves several billion monthly users worldwide. In this paper we present the first example of an exploit that demonstrates the security weakness of Facebook's password storage scheme, and discuss its implications. Proper ethical disclosure guidelines and vendor notification were followed.