"Passwords are stored in plain text."

Eric Hellman, Go To Hellman, Feb 09, 2015
Commentary by Stephen Downes
files/images/hashsalt.JPG

A nice explanation of password hashing and salting, and a rather interesting set of responses from various academic services about the manner in which they store their passwords (or entrust third party services to manage them as GET requests, storing them in access logs for later retrieval and reuse). "To sum up," writes Eric Hellman, "adoption of up-to-date security practices is far from complete in the world of library databases. I hope that the laggards have improved since the submission date of this RFP (roughly a year ago) or at least have plans in place to get with the program." OLDaily hashes passwords and should probably salt them as well.

Views: 0 today, 146 total (since January 1, 2017).[Direct Link]