[impdev] http://redmine.kokuaviewer.org/issues/1126 encrypting passwords.

Nemurimasu Neiro nemurimasu at gmail.com
Fri Mar 9 15:17:31 PST 2012


Using the MAC address is hardly encryption. There are different ways
of protecting passwords on different operating systems, all better
than combining the password with the MAC address.

On Tue, Mar 6, 2012 at 17:28, David Seikel <onefang at gmail.com> wrote:
> On Wed, 7 Mar 2012 03:26:26 +1000 David Seikel <onefang at gmail.com>
> wrote:
>
>> On Tue, 6 Mar 2012 21:52:09 +1000 David Seikel <onefang at gmail.com>
>> wrote:
>>
>> > Both sorts of stored passwords are 32 bit hexadecimal strings.  So
>> > we can't tell which sort of password it is and fix it on the fly.
>>
>> Actually, the encrypted password is 32 bytes of binary, where the
>> hashed one we store is 32 hex digits.  I think that's the bug that
>> comment was referring to.  Can't store raw binary in XML files in the
>> same way we store a string of hex digits.
>
> Well, that plus the fact the MAC was not figured out until AFTER the
> passwords where decrypted.
>
> --
> A big old stinking pile of genius that no one wants
> coz there are too many silver coated monkeys in the world.
>
> _______________________________________________
> ImpDev mailing list
> ImpDev at lists.imprudenceviewer.org
> http://lists.imprudenceviewer.org/listinfo.cgi/impdev-imprudenceviewer.org
>



More information about the ImpDev mailing list