 WeirdalPremium join:2003-06-28 Lincoln, NE kudos:17 | Keep Passwords Hashed
I was thinking about this today and I think it would be a great addition to the site. I've seen this implemented on a few other forums I visit and it seems to work well:
We should keep passwords hashed instead of stored in plaintext.
Opinions? -- »[Info] The DSLR Orangeface extension 2.0! |
|
|
|
 removedPremium,VIP join:2002-02-08 Houston, TX kudos:36 | *object* |
|
 GeekNJPremium join:2000-09-23 Waldwick, NJ | reply to Weirdal I don't think you need to make this request based on yesterday and today.
Removed has an auto-bot which scans the forum every 15 secs and for any new thread auto objects. I don't think he'll win out here though. -- Tweaked your connection? | Mail Parse | Speed Converter |
|
 DreadR.I.P JazzyPremium join:2005-02-28 Bronx, NY kudos:6 | **Object** |
|
 C_Kill The SocialistsPremium join:2001-03-19 kudos:3 | reply to Weirdal *sign* |
|
 nwrickertsand groperPremium,MVM join:2004-09-04 Geneva, IL kudos:7
| reply to Weirdal That's a management decision, and I will leave it up to their judgment.
I seem to have been lucky. Or at least, I have not received an email from the site, and my password still seems to work. I do not use that password anywhere else. -- AT&T Uverse; Zyxel NBG334W router (behind the 2wire gateway); openSuSE 11.4; firefox 4.0 |
|
 sapoCruising Down Memory LanePremium join:2002-09-16 Sacramento, CA kudos:1 | reply to Weirdal If we believe we can achieve. |
|
 WeirdalPremium join:2003-06-28 Lincoln, NE kudos:17 | reply to nwrickert said by nwrickert:That's a management decision, and I will leave it up to their judgment. Yeah it's none of our business. I mean, what's the worst that could happen anyway?  -- »[Info] The DSLR Orangeface extension 2.0! |
|
 sapoCruising Down Memory LanePremium join:2002-09-16 Sacramento, CA kudos:1 | Someone emptied out $3000 from my PayPal. What the hell? What can I do? |
|
 fatnesssubtleJanitor join:2000-11-17 fishing kudos:13 | Tell stories on the internet. |
|
 AlcoholPremium join:2003-05-26 Climax, MI kudos:3
| reply to sapo said by sapo: Someone emptied out $3000 from my PayPal. What the hell? What can I do? Team up with this guy and sue.
»identity protection -- I found the key to success but somebody changed the lock. |
|
 dandelionPremium,MVM join:2003-04-29 Germantown, TN kudos:4 | reply to Weirdal I am curious about the positive and negative aspects of this. As a security measure, would it be helpful? |
|
| reply to Weirdal said by Weirdal:We should keep passwords hashed instead of stored in plaintext.
Opinions? Smoke some hash and you won't care that your password is stored in plaintext. |
|
 OZOPremium join:2003-01-17 kudos:2 | reply to Weirdal said by Weirdal:We should keep passwords hashed instead of stored in plaintext.
Of course, this site should keep passwords hashed. I actually thought it was done this way from the first day... If you keep user passwords in plain text format - you take full responsibility for what happens, when someone gets access to DB (and it's just a matter of time when it will actually happen).
No one needs to know my password in plain text and, sorry justin, but it's just plain stupid to keep it this way. Moreover, the hash (additionally based on a simple challenge) could be sent over the Internet and rehashed on the server to authenticate the user. It's just basics in any authentication process...
I really hope to see a fix soon. -- Keep it simple, it'll become complex by itself... |
|
 | reply to Weirdal I will *sign* for this IF it is made optional for those users who don't want this feature. |
|
 sapoCruising Down Memory LanePremium join:2002-09-16 Sacramento, CA kudos:1 | reply to fatness I'll make sure to mention your name. |
|
 GeekNJPremium join:2000-09-23 Waldwick, NJ | reply to JLevinworth said by JLevinworth: I will *sign* for this IF it is made optional for those users who don't want this feature. Only if the other option is no password. Why be inconvenienced with having to enter a password? -- Tweaked your connection? | Mail Parse | Speed Converter |
|
 MashikiBalking The Enemy's Plans join:2002-02-04 Woodstock, ON
| reply to nwrickert said by nwrickert: That's a management decision, and I will leave it up to their judgment. Any site using plaintext passes in this day and age is being silly and trying to pull a 'security through obscurity' blanket out for people, hoping that people have done their jobs, and you're a low risk for intrusion or attacks. I use a different pass for every site, and for a good reason. The majority of people don't. If the gawker/etc hack didn't teach you anything about common passes in use, then you're not paying attention to the stupidity of the average person.
Passwords should always be hashed, and in the best case should be salted too.
*sign* |
|
 | reply to Weirdal *sign*
I had never thought whether or not DSLR hashed passwords. Considering the subject matter covered on the front page of the site I find it hard to believe they don't. I mean... really? |
|
 nwrickertsand groperPremium,MVM join:2004-09-04 Geneva, IL kudos:7
| reply to Mashiki said by Mashiki: Any site using plaintext passes in this day and age is being silly and trying to pull a 'security through obscurity' blanket out for people, hoping that people have done their jobs, and you're a low risk for intrusion or attacks. I disagree.
There are different methodologies for authentication. In one method, the server site keeps only a hash of the password, and the user has to send the actual password over the wire. In an alternative method (a "shared secret" method), the server has the actual password, but only a hash is sent over the wire. A "shared secret" method is better protection against eavesdropping. -- AT&T Uverse; Zyxel NBG334W router (behind the 2wire gateway); openSuSE 11.4; firefox 4.0 |
|
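Added example, not part of any post in this thread: the two methods contrasted above (a stored hash with the password sent over the wire, and a "shared secret" challenge-response) run side by side to show where the password itself ends up in each. The thread names no algorithms, so PBKDF2-HMAC-SHA256, HMAC-SHA256, the iteration count, the function names and the sample passphrase are all assumptions made for illustration.

```python
import hashlib, hmac, secrets

ITERATIONS = 200_000  # assumed PBKDF2 work factor, not a value from the thread

# Method 1: the server stores a salted hash; the password itself is sent.
def enroll_hashed(password: bytes) -> dict:
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS)
    return {"salt": salt, "digest": digest}

def verify_hashed(record: dict, sent_password: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", sent_password, record["salt"], ITERATIONS)
    return hmac.compare_digest(candidate, record["digest"])

# Method 2: the server stores the shared secret; only HMAC(secret, nonce) is sent.
def new_challenge() -> bytes:
    return secrets.token_bytes(16)  # fresh per login, so old responses are useless

def client_response(secret: bytes, challenge: bytes) -> bytes:
    return hmac.new(secret, challenge, hashlib.sha256).digest()

def verify_response(stored_secret: bytes, challenge: bytes, response: bytes) -> bool:
    expected = client_response(stored_secret, challenge)
    return hmac.compare_digest(expected, response)

def compare_exposure(password: bytes = b"constructed-sample-passphrase") -> dict:
    """Run one login per method and report where the password itself appears."""
    db1 = enroll_hashed(password)          # what a database dump would contain
    wire1 = password                       # what an eavesdropper would capture
    db2 = password                         # shared-secret server keeps the secret
    challenge = new_challenge()
    response = client_response(password, challenge)
    wire2 = challenge + response
    return {
        "hashed_login_ok": verify_hashed(db1, wire1),
        "hashed_db_has_password": password in db1["salt"] + db1["digest"],
        "hashed_wire_has_password": password in wire1,
        "shared_login_ok": verify_response(db2, challenge, response),
        "shared_db_has_password": password in db2,
        "shared_wire_has_password": password in wire2,
        "shared_replay_ok": verify_response(db2, new_challenge(), response),
    }

if __name__ == "__main__":
    for key, value in compare_exposure().items():
        print(f"{key}: {value}")
```

Method 1 depends on transport encryption such as TLS to protect the wire, and method 2 depends on the database staying private, which is the trade-off the posts above disagree about.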