Fwd: confirm 9a85e83e9531356d37cfd8581573d167b99c16f8

"Ola Fosheim Grøstad" <ola.fosheim.grostad+dlang at gmail.com>
Sun Apr 13 21:05:31 PDT 2014


On Saturday, 12 April 2014 at 16:41:09 UTC, Walter Bright wrote:
>> And a company whose only business goal is to keep passwords 
>> secure is probably harder
>> to hack into that companies which have a different focus and 
>> might not invest as
>> much into security.
>
> "probably" doesn't work for me when the consequences of being 
> wrong are so awful.

True, and by being a password business which people use for 
important passwords it becomes a primary target. So if there are 
weaknesses they are more likely to be found and exploitation 
skillfully hidden from detection...

Besides, the weakest link is your keyboard. You could be snooped 
by a radiation-based scanner when you are outside your Faraday 
cage. Master passwords for anything more important than Facebook 
are irresponsible IMHO.

But yeah, storing passwords in the clear is no good, because MOST 
people reuse passwords for services that are unimportant with the 
assumption that they are hashed before they are compared. This is 
a calculated risk. Man in the middle attacks are a bit less 
likely than site hacking (try a traceroute), and https can also 
suffer from those, so I think Manu is right about being upset. 
Storing passwords in the clear is a lot worse than clear 
transmission.
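The point above about passwords being hashed before they are compared, as an added example that is not part of this message or of any D project: a minimal salted password store in Python using PBKDF2-HMAC-SHA256 from the standard library, placed beside the clear-text storage the message objects to. The record layout, the 600,000 iteration count and the sample password are assumptions made for the example.

```python
import hashlib
import hmac
import os

# Assumption: PBKDF2-HMAC-SHA256 with this many iterations; tune to your hardware.
ITERATIONS = 600_000
SALT_BYTES = 16
KEY_BYTES = 32


def store_plaintext(password):
    """The bad design: the record IS the password. Whoever reads the table has it."""
    return {"alg": "none", "secret": password}


def check_plaintext(record, candidate):
    """Comparison against a clear-text record; a leaked record needs no cracking."""
    return hmac.compare_digest(record["secret"].encode("utf-8"),
                               candidate.encode("utf-8"))


def hash_password(password, iterations=ITERATIONS):
    """Derive a per-user salted key. Only salt, cost and derived key are stored."""
    salt = os.urandom(SALT_BYTES)          # fresh random salt for every record
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             salt, iterations, dklen=KEY_BYTES)
    return {"alg": "pbkdf2-sha256", "iterations": iterations,
            "salt": salt.hex(), "hash": dk.hex()}


def verify_password(record, candidate):
    """Recompute the derivation with the stored salt and cost; compare in constant time."""
    if record.get("alg") != "pbkdf2-sha256":
        return False
    expected = bytes.fromhex(record["hash"])
    actual = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                                 bytes.fromhex(record["salt"]),
                                 record["iterations"], dklen=len(expected))
    return hmac.compare_digest(actual, expected)


def leak_reveals_password(record, password):
    """What a breach hands the attacker: does the stored record contain the password itself?"""
    return password in str(record)


if __name__ == "__main__":
    pw = "correct horse battery staple"   # constructed sample password
    plain = store_plaintext(pw)
    hashed = hash_password(pw)
    print("plaintext record leaks password:", leak_reveals_password(plain, pw))
    print("hashed record leaks password:   ", leak_reveals_password(hashed, pw))
    print("verify right password:", verify_password(hashed, pw))
    print("verify wrong password:", verify_password(hashed, "Tr0ub4dor&3"))
    # Two users with the same password get unrelated records thanks to the salt.
    print("same password, same hash?", hash_password(pw)["hash"] == hashed["hash"])
```

The hashed record is what the reused-password assumption in the message relies on: a dump of the table gives an attacker salts and derived keys that still have to be brute-forced per user, whereas the clear-text record is the password. The constant-time comparison matters for both paths; it is the storage format, not the comparison, that makes the difference on a breach.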

