In our case, I didn't explore the pragmatics of decryption because my broader concern was if it could be done, which is a big if, since we're talking about millions of passwords, all I would get is a bunch of passwords, some of them could be legitimately typed in wrong. So lots of clever filtering needed to happen. Another concern of mine was what would we do with the data? Having clear text passwords in hand at that scale was like holding a bomb. So, I didn't even push for it internally.
I felt that the folks who repeatedly typed in their password and still got a problem and were angry enough to complain about it were also the ones most likely to work with us. Ironically, I think we needed less data in the absolute sense.
The other nuance that I did not discuss in the article is that I made it clear to the team, I am making this call, and I was the one on the Twitter account. Given the optics of the matter being security related, if it went poorly from a PR perspective or somehow other issues got created from it, I felt like I needed to take the fall even though the team agreed what I was proposing would give us key insight.
The one thing I will say about Netflix was that they tolerated mavericks, and this was an example of a calculated production risk I took at the time. I was never reprimanded for the stunt. Had it gone wrong, I also knew I'd be jobless the next day but I could live with that.
Talking directly with the customers makes sense. I wouldn’t have thought of it because of the security concerns lol. But it was simple and effective. That’s great that Netflix didn’t reprimand. The risk seemed worth it.
I guess some customers were using random hexadecimal generators for passwords.
Great case study for a MBA course!
Great story, Han. Reminds me of an incident where Twitter couldn’t decrypt it’s credentials table: https://max.levch.in/post/724289457144070144/shamir-secret-sharing-its-3am-paul-the-head-of
This is a super fun story!
In our case, I didn't explore the pragmatics of decryption because my broader concern was if it could be done, which is a big if, since we're talking about millions of passwords, all I would get is a bunch of passwords, some of them could be legitimately typed in wrong. So lots of clever filtering needed to happen. Another concern of mine was what would we do with the data? Having clear text passwords in hand at that scale was like holding a bomb. So, I didn't even push for it internally.
I felt that the folks who repeatedly typed in their password and still got a problem and were angry enough to complain about it were also the ones most likely to work with us. Ironically, I think we needed less data in the absolute sense.
The other nuance that I did not discuss in the article is that I made it clear to the team, I am making this call, and I was the one on the Twitter account. Given the optics of the matter being security related, if it went poorly from a PR perspective or somehow other issues got created from it, I felt like I needed to take the fall even though the team agreed what I was proposing would give us key insight.
The one thing I will say about Netflix was that they tolerated mavericks, and this was an example of a calculated production risk I took at the time. I was never reprimanded for the stunt. Had it gone wrong, I also knew I'd be jobless the next day but I could live with that.
Talking directly with the customers makes sense. I wouldn’t have thought of it because of the security concerns lol. But it was simple and effective. That’s great that Netflix didn’t reprimand. The risk seemed worth it.
I guess some customers were using random hexadecimal generators for passwords.