William's response made me think: it might be worth seeing if you could
budget a few hours from a security specialist to give a professional
opinion. Even if your boss still regards it as "just, like, your opinion,
man", it may be an angle to get a viewpoint from someone he/she will see
as an Authority, as frustrating as it may be to be disregarded as "just
UX" and to have to pull in an outside source to validate what seems like
common sense.

On Thu, Jul 2, 2009 at 5:44 PM, William Brall <[email protected]> wrote:

> FYI md5 is totally cracked. It can be broken in a matter of seconds
> these days. Try other forms of 1 way encryption. Salt heavily. If you
> are really paranoid, encrypt twice in two different ways.
>
> But a good strong atypical one way encryption should be good enough.
> Even md5 should be enough if you code defensively and mitigate SQL
> injection vulnerabilities.
>
> Be careful. Many forms of encryption do NOT produce the same value
> each time. (Why is a topic of great length) So don't use any old
> form of encryption without research.
>
> As for your boss. He is not a security specialist, clearly, and his
> ideas are the very reason that security specialists have to exist.
> Security isn't always intuitive. Let him know that what he would
> like you to do is malpractice. That doing so, and the discovery of
> said actions after mass identity theft as a result of it, would
> subject you, and him, to legal ramifications. The kind that cost your
> company, and indeed potentially yourselves MASSIVE financial damages.
>
> Not to mention it being a potential career ender.
>
>
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> Posted from the new ixda.org
> http://www.ixda.org/discuss?post=43289
>
>
> ________________________________________________________________
> Welcome to the Interaction Design Association (IxDA)!
> To post to this list ....... [email protected]
> Unsubscribe ................ http://www.ixda.org/unsubscribe
> List Guidelines ............ http://www.ixda.org/guidelines
> List Help .................. http://www.ixda.org/help
>