Hi Alex,

>> yes, it's all about prevention;-)  Storing plain text passwords is no
>> prevention.
>
> But encrypting them creates only an illusion of safety.

I didn't suggest encrypting them but using hash+salt!

> We should not waste our time on irrelevant issues. Whether passwords
> are encrypted locally or not is just a matter of cosmetics.

I strongly disagree with this statement.

And again, I didn't suggest encrypting passwords!  What are we
discussing here?

> What really counts are two issues:
>
>    1. The _whole_ database must be safe from any external access
>    2. We must _trust_ the administrator(s) of the machine

1) the whole discussion is about acknowledging that some data are more
confidential than others.  You obviously don't think so.

2) is usually enforced by legal means and/or by reputation.  There is no
technical solution to this.

> It is ridiculous if we talk about allowing changing passwords and/or
> sending them via unencrypted mails, and at the same time make so much
> fuss about hiding them within the machine.

Again, I am strongly against sending passwords via e-mail.  If you don't
store the passwords in the first place, there is no way to send them
obviously.

> Instead, all effort should go into protecting the system itself.

There are many ways and different situations where the system should be
protected.  From the point someone gets hold of your database your
system is completely unprotected.  And confidential databases leak all
the time.  The thing I suggested would give protection to passwords even
if somebody got hold of the database.

Cheers,

Tomas
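The hash+salt scheme argued for above, as an added example that is not from the thread or from the PicoLisp project: each user gets a random salt, the password is run through PBKDF2-HMAC-SHA256, and only salt and digest are stored, so a copy of the table carries no plaintext and no key that would recover it. The user table, user names and passwords are constructed for the demo.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Work factor for PBKDF2; raise it as hardware gets faster.
ITERATIONS = 200_000

# A stored record is (salt, digest).  No key exists anywhere on the machine
# that could turn the digest back into the password; that is the difference
# from encrypting passwords.
Record = Tuple[bytes, bytes]


def make_record(password: str, salt: Optional[bytes] = None) -> Record:
    """Derive a salted hash; a fresh random salt per user unless one is given."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify(db: Dict[str, Record], user: str, password: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    record = db.get(user)
    if record is None:
        return False
    salt, stored = record
    _, candidate = make_record(password, salt)
    return hmac.compare_digest(stored, candidate)


def build_demo_db() -> Dict[str, Record]:
    """Constructed user table; alice and bob deliberately share a password."""
    return {
        "alice": make_record("correct horse"),
        "bob": make_record("correct horse"),
        "carol": make_record("hunter2"),
    }


def records_match(db: Dict[str, Record], u1: str, u2: str) -> bool:
    """Whether two stored digests are equal.  With per-user salts this is
    False even for identical passwords, so a leaked table does not reveal
    which users share a password."""
    return db[u1][1] == db[u2][1]


if __name__ == "__main__":
    db = build_demo_db()
    print("login ok:", verify(db, "alice", "correct horse"))
    print("alice/bob same digest:", records_match(db, "alice", "bob"))
```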