OT: Unhashed passwords
D. Hugh Redelmeier
hugh-pmF8o41NoarQT0dZR+AlfA at public.gmane.org
Tue Jul 5 15:48:54 UTC 2011
| From: Tyler Aviss <tjaviss-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org>

| Anyone know if there's a listing of sites/domains that keep user passwords
| in an unhashed form?

You can never know that a site does not do that. A special case of
the rule of testing: testing can never show that there are no bugs.

Never recycle passwords.

I always generate unique ones for each site. I use expect's mkpasswd.
That maximizes entropy without consuming any from my brain.

Mailman is pretty clear about the insecurity of its passwords.
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists