E-mailing account information
-
Of course it's not, it means they store passwords in plaintext, or with a reversible encryption (which doesn't provide significant additional safety - leak once, leak all). (And of course, they can send it once at sign up time, but not for recovery. Or the laws of physics might change, or quantum computing might turn out to just work.) (But hey, even HBGary didn't much better)
FILETIME to time_t
| FoldWithUs! | sighist | WhoIncludes - Analyzing C++ include file hierarchymodified on Wednesday, February 23, 2011 11:25 AM
peterchen wrote:
Of course it's not, it means they store passwords in plaintext, or with a reversible encryption (which doesn't provide significant additional safety - leak once, leak all).
No it doesn't, they can do that even if they store the password in a hash, by inserting the plaintext into the email before disposing the string which your input was initially stored in.
3x12=36 2x12=24 1x12=12 0x12=18
-
peterchen wrote:
how to store the salt?
In a shaker? ;P
Gotta run; I've got people to do and things to see...
-----
Don't tell my folks I'm a computer programmer - They think I'm a piano player in a cat house...
-----
Da mihi sis crustum Etruscum cum omnibus in eo!
-----
Everybody is ignorant, only on different subjects - Will Rogers, September 7, 1924:-D
FILETIME to time_t
| FoldWithUs! | sighist | WhoIncludes - Analyzing C++ include file hierarchy -
peterchen wrote:
Of course it's not, it means they store passwords in plaintext, or with a reversible encryption (which doesn't provide significant additional safety - leak once, leak all).
No it doesn't, they can do that even if they store the password in a hash, by inserting the plaintext into the email before disposing the string which your input was initially stored in.
3x12=36 2x12=24 1x12=12 0x12=18
You are a hard-to-please crowd to day. I've updated the post again.
FILETIME to time_t
| FoldWithUs! | sighist | WhoIncludes - Analyzing C++ include file hierarchy -
Anyone else think its annoying that when you create a account somewhere they mail you your complete account information. I don’t mind that they mail you the information you used to sign up or anything, but do they have to include your password in plain text?
saru mo ki kara ochiru (even monkeys fall from trees) Usualy i'm that monkey. If you want an intelligent answer, Don't ask me. To understand Recursion, you must first understand Recursion.
-
Not as annoying as slow loading web pages that automatically set focus on the username field causing me to type half of my password in the user name field.
Need custom software developed? I do custom programming based primarily on MS tools with an emphasis on C# development and consulting. I also do Android Programming as I find it a refreshing break from the MS. "And they, since they Were not the one dead, turned to their affairs" -- Robert Frost