nanog mailing list archives

Re: gmail security is a joke


From: William Herrin <bill () herrin us>
Date: Wed, 27 May 2015 10:28:12 -0400

On Tue, May 26, 2015 at 4:10 PM, Scott Howard <scott () doc net au> wrote:
> On Tue, May 26, 2015 at 12:28 PM, Aaron C. de Bruyn <aaron () heyaaron com>
> wrote:
>> If they can e-mail you your existing password (*cough*Netgear*cough*),
>> it means they are storing your credentials in the database
>> un-encrypted.
>
> No, it doesn't mean that at all.  It means they are storing it unhashed
> which is probably what you mean.

Hi Scott,

It means they're storing it in a form that reduces to plain text
without human intervention. Same difference. Encrypted at rest matters
not, if all the likely attack vectors go after the data in transit.

Regards,
Bill Herrin


-- 
William Herrin ................ herrin () dirtside com  bill () herrin us
Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
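
The distinction argued in this message, as an added example that is not part of the original e-mail: a store the application can decrypt unattended is what makes a "mail me my existing password" feature possible, while a salted one-way hash can only answer yes or no. The function names, the toy keystream (a stand-in for a real cipher), the PBKDF2 work factor and the sample password are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

APP_KEY = os.urandom(32)  # assumption: key kept where the app can use it unattended
ITERATIONS = 600_000      # PBKDF2-HMAC-SHA256 work factor chosen for this example

def _keystream(key, nonce, length):
    # Toy SHA-256 counter keystream: a stand-in for a real cipher, not for production.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def store_reversible(password):
    # "Encrypted at rest": unreadable in a raw database dump, but the app can undo it.
    nonce = os.urandom(16)
    data = password.encode()
    return nonce, bytes(a ^ b for a, b in zip(data, _keystream(APP_KEY, nonce, len(data))))

def recover_reversible(record, key=APP_KEY):
    # What a "mail me my existing password" feature has to do; anyone who can
    # drive the app (or read its key) gets the same plaintext.
    nonce, ct = record
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))).decode()

def store_hashed(password):
    # Salted, slow, one-way: there is no recover function to write.
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def verify_hashed(record, candidate):
    salt, digest = record
    probe = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, ITERATIONS)
    return hmac.compare_digest(probe, digest)

if __name__ == "__main__":
    sample = "correct horse battery staple"  # constructed sample password
    print("reminder mail would contain:", recover_reversible(store_reversible(sample)))
    print("hash store can only answer yes/no:", verify_hashed(store_hashed(sample), sample))
```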

