KATSANA Advanced GPS encrypts user passwords using bcrypt to prevent outsiders from being able to read it directly. bcrypt is an extremely strong cryptography and a good implementation will ensure that user’s private data is safe from prying eyes.
The same cryptography is implemented in an infamous dating website, Ashley Madison which was hacked a few months ago. Technically, it will take centuries for the hackers to decrypt the passwords and making it readable in plaintext. However, due to a programming and implementation error by developers of Ashley Madison itself, researchers were able to crack over 15 million passwords that belong to the users. The vulnerability allowed hackers to decrypt the passwords in orders of magnitude faster than normal. That means, data that is designed to require decades or at least a few years to crack can be recovered in just a few weeks.
The vulnerability on Ashley Madison’s website was due to it’s mixed implementation of security tokens using MD5 which is a lot faster to crack and more efficient to crack.
Thus, upon learning of the techniques used to crack these passwords, our team immediately examine our codes to make sure that KATSANA is safe and adheres to strict security standards. We have gone through our implementation techniques for all major components such as authentication, session and cookies. The outcome is, we are happy to announce that we do have not a similar vulnerability in KATSANA.
We are proud of how our security is designed and we strive to ensure that data security is always our top most priority.