It's quite obvious from context that it's the latter. However, there is zero imp... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

InclinedPlane on Aug 1, 2012 | parent | context | favorite | on: Dropbox: Security update & new features

It's quite obvious from context that it's the latter. However, there is zero implication that they are storing passwords in plaintext. There are several ways to implement such a feature.

First, the password could be checked on login when it is sent in plaintext but not stored. Second, they could run an offline dictionary attack against the hashed password database.

pdkp on Aug 1, 2012 [–]

Given they state that some accounts were compromised by stolen passwords from "other websites," it would make sense to run some sort of dictionary attack using lists from those sites.

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact