Evernote Used Substandard Cryptography

By Robert Vamosi | 3/6/13 2:12 AM

The note-syncing service Evernote suffered a data breach last week, and security experts say it didn't need to happen.

According to Ars Technica Evernote used MD5 cryptographic algorithm to convert user passwords into one-way hashes before storing them in a database, which, say the experts, also made an attacker's job of cracking the hashes much easier by allowing billions of guesses per second. Even adding a cryptographic salt is considered a poor practice.

Read More >
COMMENTS