[thelist] hashing stored passwords (revisited)

[klute]

I agree. in fact, if you count people reusing
passwords online today, it will probably see that is a
vast majority. 

also, it's not just hackers that you are dealing with
here. a sys admin could be a badguy as well. you never
know -- mad for just being fired, curious, psycho,
etc, etc. if he/she has access to your plaintext
password, you may be in for some stressful ride.

i personally would love to know if a site i am about
to register with, will hash my password. if the answer
is no, i would change my mind about the registration
or use some junk password.

james

--- Aredridel <aredridel at nbtsc.org> wrote:
> > So aside from him being able to use a user's
> password on another site
> > or for a different resource where the same
> username/password combo
> > existed, does it enhance the security of a website
> at all? Said
> > another way, assuming all your users use unique
> passwords for every
> > site they visit (thus not allowing the same
> username/combo to ever be
> > used twice) AND you use SSL for logins, does
> hashing actually do
> > anything?
> 
> Well, that's a big one since most users use the same
> password
> everywhere.
> 
> Also, if you repair the breach, you don't have to
> tell all your users to
> change passwords -- you just restore a backup, close
> the hole, and
> you're relatively safe, still -- you won't have joe
> intruder still
> having access via the thousand-odd passwords he
> stole.
> > 
> > 
> > Thanks,
> > Chris.
> 
> -- 
> * * Please support the community that supports you. 
> * *
> http://evolt.org/help_support_evolt/
> 
> Evolt.org conference in London, July 25-27 2003. 
> Register today at http://evolt.org.uk
> 
> For unsubscribe and other options, including the Tip
> Harvester 
> and archives of thelist go to:
> http://lists.evolt.org 
> Workers of the Web, evolt ! 


__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com