Comments on: World leaders in security http://blog.mylittlepwnage.com/2009/02/05/world-leaders-in-security/ Out of the frying pan and into the punch in the face. Fri, 01 Jan 2010 02:15:48 +0000 hourly 1 By: Cam http://blog.mylittlepwnage.com/2009/02/05/world-leaders-in-security/comment-page-1/#comment-37 Cam Sat, 07 Feb 2009 05:33:29 +0000 http://blog.mylittlepwnage.com/?p=215#comment-37 <p>It's not an issue of trust. Storing passwords as a one way hash simplifies who you have to trust.</p> <p>To complicate things with micro managing issues of trust, you have to consider every one that might access that database. That's every programmer, support person, manager and the potential malicious intruder. What about present or future features that decide to email passwords out to existing users, over plaintext or otherwise? That opens up users to identity theft and further cost from id theft. There are many reasons why it is not good to store passwords this way.</p> <p>It's not enough that storing passwords in plain text is bad though. It's harder and more costly to implement a one way hash. Implementing a one way hash system in a very secure, reliable and robust fashion is even harder. You can argue the cost to benefit issue, but it isn't an issue of trust, it's an unfortunate issue of cost - one that isn't taken seriously enough, in my opinion.</p> It’s not an issue of trust. Storing passwords as a one way hash simplifies who you have to trust.

To complicate things with micro managing issues of trust, you have to consider every one that might access that database. That’s every programmer, support person, manager and the potential malicious intruder. What about present or future features that decide to email passwords out to existing users, over plaintext or otherwise? That opens up users to identity theft and further cost from id theft. There are many reasons why it is not good to store passwords this way.

It’s not enough that storing passwords in plain text is bad though. It’s harder and more costly to implement a one way hash. Implementing a one way hash system in a very secure, reliable and robust fashion is even harder. You can argue the cost to benefit issue, but it isn’t an issue of trust, it’s an unfortunate issue of cost – one that isn’t taken seriously enough, in my opinion.

]]> By: nb http://blog.mylittlepwnage.com/2009/02/05/world-leaders-in-security/comment-page-1/#comment-36 nb Thu, 05 Feb 2009 06:59:20 +0000 http://blog.mylittlepwnage.com/?p=215#comment-36 <p>The only case in which encrypted password storage matters is when you trust the app but not the database (theft being the most common risk). Doesn't protect against much else though (q.v. /etc/shadow). Transmission of cleartext passwords, however, is just bad. The series of tubes should not be trusted not to leak.</p> The only case in which encrypted password storage matters is when you trust the app but not the database (theft being the most common risk). Doesn’t protect against much else though (q.v. /etc/shadow). Transmission of cleartext passwords, however, is just bad. The series of tubes should not be trusted not to leak.

]]>