pulse.michalspacek.cz Open in urlscan Pro
2a05:d018:252:8f00:fe52:a8fb:27cb:748a  Public Scan

Form analysis
0 forms found in the DOM

Text Content

WWW.MALL.CZ PASSWORD STORAGE DISCLOSURES

How securely do they store user passwords & how good are they at letting us
know?

@PasswordStorage • Rating guide

» Pulse » Passwords » Passwords storages




MALL.CZ (INTERNET MALL, A.S.)

www.mall.cz
Rating B

bcrypt (since October 2016, disclosed August 2017)
Details

Params: cost=10

Disclosures:

 * 2016-09-01 Twitter (official account) arch
 * 2017-08-27 blog arch

History
Salted SHA-1 (since November 2012, disclosed August 2017)
Details

Disclosures:

 * 2016-09-01 Twitter (official account) arch
 * 2017-08-27 blog arch

MD5 (disclosed August 2017)
Details

Disclosures:

 * 2017-08-27 blog arch

Why "B"?

A slow hashing function is used but such info is "invisible", hidden in a blog
post or a talk, or on social media.

Recommended change: Publish storage and hashing info details visibly (e.g. in
the docs or FAQ), then let me know.

A Michal Špaček project. Questions? Tip: compare two or more sites by adding
hostnames to the URL, separated with comma, like in this example.