in reply to Re: Did Perlmonks Ever Salt and Hash Their Password Database?
in thread Did Perlmonks Ever Salt and Hash Their Password Database?

If it is so easy: please log in as me and post something awesome. I give you permission.

Re^3: Did Perlmonks Ever Salt and Hash Their Password Database?
by pryrt (Abbot) on Aug 17, 2016 at 15:12 UTC

    Maybe "trivial" was too strong of a word. And I'm not a black hat, so I don't have the right skill set. But from what I've read and heard from security-conscious individuals, it can be easier to intercept the plaintext password en route than to hack the server and get the passwords that way.

      Many security practices are boiled down and imposed by people who are not fully aware of the impracticality of the supposed exploit, especially in a specific environment, or of the resources required to mitigate it. I'm sure that the admins here at the time were displeased, but the response is a great study in how to respond to a breach correctly: measured responses to difficult problems. This is a monastery, not a security fan club. From what I understand, the decision to encrypt the db was investigated, discussed, and dismissed. And revisiting the issue every so often is probably not a bad idea just because it starts making people think about security. But tunnel vision towards one specific problem / solution is not really helpful.

      I like Linus's view: Linus Interview - Washington Post

      :) intercepting unencrypted traffic is trivial, but first you have to be on the same local network

      so my roommate can intercept my lan traffic

      yeah, so what, he can just as easily walk into my room

      doing that from the other end of the internet is not trivial

        doing that from the other end of the internet is not trivial

        It depends on whether your roommate is as knowledgeable and careful as you are. If I can infiltrate his machine -- or any of the other 250 on your local subnet -- I can monitor your traffic.

        For a site with the claimed and demonstrated website expertise that this place has, "the framework doesn't allow for this" is a pathetic excuse.

        A secure login doesn't have to be a part of the "framework"; it could be a completely standalone process that sets a flag somewhere accessible from the framework.

        That's all it would take! (That it doesn't exist is pathetic!)


        With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
        Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
        "Science is about questioning the status quo. Questioning authority". I knew I was on the right track :)
        In the absence of evidence, opinion is indistinguishable from prejudice.
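The thread's title question, what salting and hashing a password table actually buys, is easiest to see side by side. The following is an added example and is not PerlMonks code or anything the site ran; it assumes PBKDF2-HMAC-SHA256 with a random 16-byte salt per record, a record format of our own (`pbkdf2_sha256$iterations$salt$hash`), a constructed three-user table in which two users share a password, and a constructed attacker wordlist. It contrasts an unsalted table (one hash per guess cracks every user, and equal passwords are visible as equal digests) with a salted, iterated one (each guess must be re-derived per user), and shows verification with a constant-time comparison.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
from typing import Optional

# Example parameters (assumptions for this demonstration, not PerlMonks' settings).
HASH_NAME = "sha256"
SALT_BYTES = 16
PBKDF2_ITERATIONS = 600_000   # production-style cost; demo() uses a smaller count for speed


def unsalted_hash(password: str) -> str:
    """A bare hash of the password: same password, same digest, for every user."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted, iterated PBKDF2-HMAC. Record format (our own, for this example):
    pbkdf2_sha256$<iterations>$<salt hex>$<derived key hex>"""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)    # fresh random salt per record
    dk = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_{HASH_NAME}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive with the salt and iteration count stored in the record and compare
    in constant time. Malformed records verify as False rather than raising."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != f"pbkdf2_{HASH_NAME}":
        return False
    try:
        iterations = int(parts[1])
        salt = bytes.fromhex(parts[2])
        expected = bytes.fromhex(parts[3])
    except ValueError:
        return False
    candidate = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def crack_unsalted(stolen: dict[str, str], wordlist: list[str]) -> tuple[dict[str, str], int]:
    """Attacker's view of an unsalted table: hash each guess once, then look up every user.
    Returns (user -> recovered password, number of hash computations)."""
    lookup = {unsalted_hash(w): w for w in wordlist}
    recovered = {u: lookup[h] for u, h in stolen.items() if h in lookup}
    return recovered, len(wordlist)


def crack_salted(stolen: dict[str, str], wordlist: list[str]) -> tuple[dict[str, str], int]:
    """Attacker's view of a salted table: every guess must be re-derived per user,
    because each record carries its own salt. Returns (recovered, number of derivations)."""
    recovered: dict[str, str] = {}
    work = 0
    for user, record in stolen.items():
        for guess in wordlist:
            work += 1
            if verify_password(guess, record):
                recovered[user] = guess
                break
    return recovered, work


def demo(iterations: int = 1_000) -> dict:
    """Constructed user table: alice and bob chose the same password."""
    users = {"alice": "correct horse", "bob": "correct horse", "carol": "Tr0ub4dor&3"}
    wordlist = ["password", "correct horse", "letmein"]      # constructed attacker wordlist
    unsalted = {u: unsalted_hash(p) for u, p in users.items()}
    salted = {u: hash_password(p, iterations=iterations) for u, p in users.items()}
    cracked_u, work_u = crack_unsalted(unsalted, wordlist)
    cracked_s, work_s = crack_salted(salted, wordlist)
    return {
        "unsalted_collide": unsalted["alice"] == unsalted["bob"],   # True: shared password is visible
        "salted_collide": salted["alice"] == salted["bob"],         # False: distinct salts
        "unsalted_cracked": cracked_u, "unsalted_work": work_u,    # 3 hashes crack both users
        "salted_cracked": cracked_s, "salted_work": work_s,        # 7 derivations, one list per user
        "login_ok": verify_password("correct horse", salted["alice"]),
        "login_bad": verify_password("correct horse ", salted["alice"]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt does not stop a weak password from being guessed; it stops the attacker from amortising one guess across the whole table and from spotting shared passwords at a glance, and the iteration count makes each per-user guess expensive. A memory-hard KDF (scrypt, Argon2) would be the usual choice today; PBKDF2 is used here only because it ships in the standard library.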