in reply to Status of Recent User Information Leak

It's seems that everyone is bragging about plaintext passwords, at the same time forgetting about compromised root account on the server involved. Also, about 90% of the posters are happy to declare perlmonks maintainers as stupid and careless because of that. So, I have one question: give me one good logical reason to have encrypted passwords on the user login machine I and not you have the root access for.
  • Comment on Re: Status of Recent User Information Leak

Replies are listed 'Best First'.
Re^2: Status of Recent User Information Leak
by Argel (Prior) on Aug 06, 2009 at 21:50 UTC
    On a technical level everything you say is correct. However, you have overlooked the "temptation" factor -- the hackers specifically stated that they "couldn't resist so many clear text passwords" (paraphrased).

    Elda Taluta; Sarks Sark; Ark Arks
[reply]
Re^2: Status of Recent User Information Leak
by Anonymous Monk on Aug 06, 2009 at 04:28 UTC
    1) Sh*t happens.
[reply]

In Section Perl Monks Discussion