nanog mailing list archives
Re: gmail security is a joke
From: William Herrin <bill () herrin us>
Date: Wed, 27 May 2015 16:05:12 -0400
On Wed, May 27, 2015 at 1:51 PM, Barry Shein <bzs () world std com> wrote:
On May 27, 2015 at 10:28 bill () herrin us (William Herrin) wrote:
> On Tue, May 26, 2015 at 4:10 PM, Scott Howard <scott () doc net au> wrote:
> > It means they are storing it unhashed
> > which is probably what you mean.
>
> It means they're storing it in a form that reduces to plain text
> without human intervention. Same difference. Encrypted at rest matters
> not, if all the likely attack vectors go after the data in transit.

It matters a lot. [...] The OP was correct, if they can send you your cleartext password then their security practices are inadequate, period.
Am I speaking English? I thought I was speaking English.
Unless I misunderstand what you're saying (I sort of hope I do)
Yeah, I think you probably did since I was largely agreeing with you.

What I was trying to say was that there wasn't a heck of a lot of difference between storing a user's password with reversible encryption and storing it in plain text. Both are supremely unsatisfactory.

Reasonable security starts by not retaining the user's password at all. Keep only the non-reversible hash.

Regards,
Bill Herrin

--
William Herrin ................ herrin () dirtside com bill () herrin us
Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>