[thelist] hashing stored passwords (revisited)
Aaron Johnson
lists at cephas.net
Wed Jun 25 15:26:38 CDT 2003
> also, it's not just hackers that you are dealing with
> here. a sys admin could be a badguy as well. you never
> know -- mad for just being fired, curious, psycho,
> etc, etc. if he/she has access to your plaintext
> password, you may be in for some stressful ride.
>
> i personally would love to know if a site i am about
> to register with, will hash my password. if the answer
> is no, i would change my mind about the registration
> or use some junk password.
-- have a look at this Oreilly article:
Protecting Privacy with Translucent Databases
http://www.oreillynet.com/pub/a/network/2002/08/02/simson.html
"A translucent database uses cryptographic methods like hash functions and
public key cryptography to mathematically protect information so that it
cannot be wrongly divulged -- not even to a crooked database administrator.
Translucent databases provide for unparalleled protection of sensitive
information, be that information personal, corporate, or academic."
AJ
Aaron Johnson
ajohnson at cephas.net
http://cephas.net/blog/
More information about the thelist
mailing list