Hi monks

I've been playing with a Firefox plug-in to encrypt my passwords, which I messed up, and I've just requested to have my password reset, and I was surprised to see my actual password being emailed to me. This means that my password is stored in clear text in the Perlmonks database.

As a security advocate, these kinds of observations make me somewhat nervous.

You may recall a recent scare where some Perlmonks passwords got out onto the web. This makes me think that an overhaul of the Perlmonks security module should be in order.

It will be a trivial task to hash the passwords in the database with MD5 or even better SHA1, so that the clear text password is never known to anyone except the account holder. Should a password reset be required, reset the password, and email a unique key.. Also something that is not difficult to do..

Lastly, I would like to see the use of OpenID, or technologies like the Yubikey for authentication. It is not difficult to implement, and I think that as a community we need to show that we are capable of running a well managed system.

Happy new year to all..

Massyn

In reply to Passwords not being hashed? by Massyn

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.