Re: Mt.Gox: No SQL injection happened, switch to SHA-512, offline until 8:00 am GMT

Quote from: semarjt on June 20, 2011, 03:18:24 AM

Quote from: Epinnoia on June 20, 2011, 03:06:22 AM

The excuse given was to blame the auditor. And for privacy reasons, they won't name the auditor.

This doesn't make any sense at all. What use is an audit performed by unnamed entities? It's the credentials of the auditor which give credence to the audit they perform, is it not?

What use is it for an auditor to have password hashes?

No use whatsoever.

However, they are easy to overlook if someone asks you to make a quick dump of the database to give to the auditors. Bet they'll have a formal policy and procedure in place before the next audit...