Technology @lemmy.world Dot. @feddit.org 1mo ago

The Club Penguin Experience got breached.

Source.

23 comments

obligatory bcrypt is not encryption
- Correct but you also dont want an encrypted password. You want a hashed password.
  
  this is true, and the name bcrypt can be misleading to non experts. i don’t blame them for getting this wrong in a pr statement 🤷‍♀️
bcrypt... with how many iterations? seems like an important detail
- I don’t think I’d make that information public were I in their shoes. Wouldn’t that be a hint for anyone attempting to crack them?
  
  no, it’s (usually) stored as a part of the hash
Pretty good disclosure text. There are much bigger companies that don't manage to be this clear.

The only nitpick I have is saying "encypted" with bcrypt, even though they clearly know that bcrypt only hashes things.
- I'm willing to give him a pass on that one since they're probably worried that their General audience will understand the word encrypted but not understand the word hashed
What the hell is Club Penguin?
- Habbo hotel for the little, little ones I think?
- Permanently Deleted
  
  Hey, I was born in the early 2000s and Club Penguin was huge when I was a kid! Everyone my age knows about it.
  
  I was born in the late 1980s, can I know what it is?
  
  Edit: Looks like a game. Are we assuming everyone in a technology community cares about video games? I’m a programmer but can’t get into video games at all.
  
  I guess you were born in the 1950s, kids these days just don't know...
So what password hashing mechanism upgrades they implemented?
But didn't club penguin close doors ?
- Permanently Deleted
  
  Ahh alright thanks

23 comments