[thelist] hashing stored passwords (revisited)

klute soundres9 at yahoo.com
Thu Jun 26 10:58:05 CDT 2003

I would at least describe it within your privacy
policy section. i am not 100% sure it belongs there
but i think it's an ok place for it. my site's privacy
policy, for example, includes:

"Creating an account merely requires choosing a
username/password combination. Your password gets
encrypted before being stored in our database. One-way
hash is used to perform this encryption which means
that nobody (including the administrator of this site)
has access to your sensitive information."

Hope this helps

p.s. it will be *very* reassuring for me (i admit i
may be in a minority though)

--- Gary McPherson <genyus at ingenyus.net> wrote:
> > i would stay away from asking for very sensitive info
> > such as "mother's maiden name" or "last 4 #s of your
> > SSN", etc. these are routinely used by banks and why
> > would i give this info to a small site w/o having any
> > assurance that it will be kept encrypted and/or the
> > machine the database is on is well-protected? if my
> > mother's maiden name is compromised, it can't be
> > changed but i still need to continue using it for
> > banking! smaller independent sites don't care about
> > security (they'd probably like to but don't have
> > resources) as much as banks or places like PayPal do.
> Well pointed out.
> Question: is it worth detailing what information will be encrypted for
> the user's benefit? On a site of this nature, I doubt it would affect
> anybody's decision to sign up, but it might be reassuring for some.
