Free Republic
Browse · Search
News/Activism
Topics · Post Article

To: usconservative
A proper web firm doesn’t store its users’ passwords and therefore cannot give them out.

So I guess it's magic anytime you type in your password on a website and it just works huh?
 

No. It's not magic. It is a hash. If you are doing business with a company, and you forget your password, and their tech support line can actually give you your old password, run. Do not walk. Run away from them because they are absolutely violating very fundamental and elementary protocols. There is never a situation where they should be able to tell you what your password is.

This is pretty basic stuff, really.

146 posted on 07/25/2013 8:38:16 PM PDT by zeugma (Be a truechimer, not a falseticker!)
[ Post Reply | Private Reply | To 94 | View Replies ]


To: zeugma
No. It's not magic. It is a hash.

And what do you think that hash is?

If you are doing business with a company, and you forget your password, and their tech support line can actually give you your old password, run. Do not walk. Run away from them because they are absolutely violating very fundamental and elementary protocols.

Couldn't agree more. My point is and remains, a hashed password is still a password. The original poster failed to understand that.

The value of that hashed password to the Fed's is zero unless they're also given the algorithm that was used to generate the hashed password.

Giving the Fed's hashed passwords isn't my concern - turning over the hash key algorithm's is.

166 posted on 07/26/2013 5:20:03 AM PDT by usconservative (When The Ballot Box No Longer Counts, The Ammunition Box Does. (What's In Your Ammo Box?))
[ Post Reply | Private Reply | To 146 | View Replies ]

Free Republic
Browse · Search
News/Activism
Topics · Post Article


FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson