Sony Finally Explains PSN Data Encryption, or Lack Thereof

Ryan Whitwam

Sony has once again commented on the PSN outage and hacking incident. But this time we got a little more technical information than previous disclosures offered. Contrary to past reports, Sony claims that passwords were not stored in plain text , or in any easily accessible form. They were not encrypted, but were rather "transformed using a cryptographic hash function." Well, it's better than nothing.

A hash of a password is reasonably secure, but not in the same way an encrypted password would be. With sufficient data, a hacker could work backwards to find a hash key and find the plain-text password. An encrypted word cannot be read without the key. It will therefore be much harder for anyone to extract the PSN passwords.

Sony also clarified the situations with credit card numbers. They say that this information, unlike passwords, was encrypted. Additionally, it was not stored with the authorization number most sites require. It might be unlikely a bad guy can get your card number from the stolen data, but Sony is cautioning users to be vigilant anyway.

Around the web

by CPMStar (Sponsored) Free to play

Comments