An analysis of passwords stolen from eHarmony and leaked to the Web recently reveals several problems with the way the dating site handled password encryption and policies, according to a security expert.
The biggest problem clearly was that the passwords, although encrypted and obscured with a hashing algorithm, were not "salted," which would have increased the amount of work password crackers would need to do, writes Mike Kelly, a security analyst at Trustwave SpiderLabs, in a
blog post today.