Beware of Password Shucking

added by DotNetKicks
4/13/2021 4:21:22 PM

576 Views

Password shucking is a method of stripping layers off an updated password hash, removing the benefits of its new password hashing algorithm and reverting it to its weaker algorithm. Password shucking can be used by an attacker against old rehashed passwords or pre-hash passwords, enabling them to strip away or "shuck" off the strong outer password hashing algorithm.


0 comments