----- Original Message ----- From: "Robert Norris"

>> IMO it is very undesirable that passwords are stored in plaintext, IMO
>> we should get rid of that ASAP :D I know we'll have to live with
>> plaintext passwords for quite some time to come but IMO it would be a
>> Good Thing(tm) if clients/servers would default to storing hashed
>> passwords.
>
> Well, I think that plaintext passwords on the wire are more of an issue
> than plaintext passwords in the data store.
>
> Basically, until we get auth mechanisms that are secure on the wire and
> don't require plaintext passwords on the server, then stuff I write will
> be storing passwords in plaintext.
I have to admit that I have never understood this (maybe someone can explain) - sending plain text over the wire is bad, but it's a different issue than storing them in plain text on the server. At least when you send them there is a limited window for someone to sniff your password. They have to be either lucky, or actually trying to find out what your password is. With plaintext files on the server you have a 24x7 risk of someone getting root access and just sniffing around to find out if there is something interesting.

Maybe I'm missing something obvious, but what is the harm in encrypting/hashing/obfuscating them? It seems bad form to have plain text passwords stored anywhere when there is some sort of alternative (even if it's not a particularly good one). The only con I can possibly think of is that it might give the admin a false sense of security - but I can't see that as a major issue, and probably one that can be addressed in the documentation.

Yes, they are not going to be 100% secure
Yes, they have to be turned back into plaintext to be sent to the remote server
Yes, it's bad that they have to be sent over the wire in plain text
Yes, the admin SHOULD have the permissions set so no one but him/her can read them

But on the other hand:

It's not hard to do. (Hell, even ROT13ing them would be an improvement over plain text)
It stops a trusted admin from accidentally/in good faith reading/remembering them
Hashed passwords are MUCH harder to remember than plaintext ones (which are usually dictionary words)
It lessens the chance of some script kiddy getting hold of the password file, and realising that he/she has a bunch of AIM/ICQ/MSN passwords and going nuts with them

It's kind of like putting a lock on a glass door. The effort to find something to break the glass with is going to be enough to deter some people, but it won't stop someone who is really intent on getting inside.
I don't know of any (Windows) clients that store the password in plain text in the registry/config file - and in theory you trust everyone who you give access to your PC. I would be very surprised if when I clicked "Remember this password" in IE if I could then find it in plain text on my Win2000 machine.

Michael.

_______________________________________________
jdev mailing list
[EMAIL PROTECTED]
http://mailman.jabber.org/listinfo/jdev
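The two messages above talk past each other on one point: whether a server can verify logins from a store that holds only hashes depends on the authentication mechanism. The following is an added example illustrating that trade-off; it is not code from the thread, from Michael or Robert, or from any Jabber server. It uses a toy in-memory store (an assumption, not a real jabberd data store) and a constructed nonce. When the client sends the plaintext password over the wire, a salted, iterated hash (PBKDF2 here) is all the server needs, and a stolen password file yields only hashes. When the client instead proves knowledge of the password with a digest over a server nonce, the server must recompute that digest, which it can only do if it holds the plaintext, so the hashed store cannot serve that mechanism. That is the constraint Robert's "auth mechanisms that ... don't require plaintext passwords on the server" refers to.

```python
import hashlib
import hmac
import os

# Assumption: parameters of a toy server, not any real Jabber implementation.
PBKDF2_ITERS = 200_000
HASH_NAME = "sha256"


def store_hashed(store: dict, user: str, password: str) -> None:
    """Store a salted, iterated hash so the file never contains the password.

    The per-user salt defeats precomputed tables; the iteration count makes
    an offline dictionary run over a stolen file expensive.
    """
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac(HASH_NAME, password.encode(), salt, PBKDF2_ITERS)
    store[user] = (salt, dk)


def verify_plaintext_login(store: dict, user: str, password: str) -> bool:
    """Server side when the plaintext password arrives over the wire.

    A hash-only store is sufficient here: recompute with the stored salt and
    compare in constant time.
    """
    rec = store.get(user)
    if rec is None:
        return False
    salt, dk = rec
    cand = hashlib.pbkdf2_hmac(HASH_NAME, password.encode(), salt, PBKDF2_ITERS)
    return hmac.compare_digest(cand, dk)


def digest_response(nonce: bytes, password: str) -> str:
    """Client side of a nonce-based challenge-response: hex(H(nonce || password)).

    The password itself never crosses the wire; only the digest does.
    """
    return hashlib.sha1(nonce + password.encode()).hexdigest()


def verify_digest_login(plaintext_store: dict, user: str,
                        nonce: bytes, response: str) -> bool:
    """Server side of the challenge-response.

    To recompute H(nonce || password) the server needs the password itself,
    so this mechanism forces the store to keep plaintext. A store holding
    only (salt, PBKDF2 hash) cannot produce the expected value.
    """
    pw = plaintext_store.get(user)
    if pw is None:
        return False
    expected = digest_response(nonce, pw)
    return hmac.compare_digest(expected, response)


def leaked_file_contains_password(store: dict, user: str, password: str) -> bool:
    """What a 'script kiddy' with the password file sees: the plaintext store
    hands the password over directly, the hashed store does not."""
    rec = store.get(user)
    if isinstance(rec, str):
        return rec == password
    return False


if __name__ == "__main__":
    hashed, plain = {}, {}
    store_hashed(hashed, "alice", "correct horse")
    plain["alice"] = "correct horse"

    print("plaintext-on-wire vs hashed store:",
          verify_plaintext_login(hashed, "alice", "correct horse"))
    nonce = os.urandom(8)  # constructed server challenge
    print("digest vs plaintext store:",
          verify_digest_login(plain, "alice", nonce,
                              digest_response(nonce, "correct horse")))
    print("stolen hashed file reveals password:",
          leaked_file_contains_password(hashed, "alice", "correct horse"))
    print("stolen plaintext file reveals password:",
          leaked_file_contains_password(plain, "alice", "correct horse"))
```

The practical upshot for the "on the wire" versus "in the store" argument: hashing the store costs nothing as long as the mechanism delivers the plaintext password to the server (over TLS, ideally), while a digest mechanism that protects the wire is exactly the one that pins the plaintext to the disk. Getting both at once needs a mechanism designed for it, which is the gap Robert describes.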
