hashed passwords for perlmonks

I just joined perlmonks. As part of the process, I discovered that I was limited to eight characters for my password. I see on Status of Recent User Information Leak that there is a plan to use hashed passwords on perlmonks. That page is over a year old. Can I help?

I see elsewhere on the site that folks wanting to help should join the pmdev group... and that joining groups is only an option for Friars and that I can become a Friar through using the site in a reasonable manner and thereby gaining XP. I'd like to help now, if nobody minds.

I see elsewhere that getting the code for perlmonks is non-trivial. If nobody is already doing the work to use hashed passwords, then would anyone be able to reveal the password storage/comparison code for hacking?

Comment on hashed passwords for perlmonks

Replies are listed 'Best First'.
Re: hashed passwords for perlmonks by CountZero (Bishop) on Aug 15, 2010 at 06:25 UTC
Welcome in our Monastery perlpie! ++ for your enthousiasm and willingness to help and work for the benefit of our community. However, you will soon find out that it takes a while before you (or any newcomer) find your place in our community. Show us that you are worthy of being a Perlmonk, read the various faq which are to be found in many places, ask and answer questions, ... Let your good deeds speak for you and you will be a friar before you know it! CountZero A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James	[reply]
Re: hashed passwords for perlmonks by Argel (Prior) on Aug 16, 2010 at 20:27 UTC
Considering how hard the code is to maintain, just asking to join pmdev calls into question your sanity -- which immediately disqualifies you!! (^_^) Elda Taluta; Sarks Sark; Ark Arks	[reply]
Re: hashed passwords for perlmonks by Anonymous Monk on Mar 27, 2013 at 15:45 UTC
I was a frequent user of PerlMonks. I even achieved Saint status. Then hackers broke into the site and got my plaintext password from a database. Out of protest I've never since logged into PerlMonks and I never will. Passwords should never be stored as plaintext. Amazingly the Gods on this site are proud and refuse to hash the passwords. It is unfortunate they didn't take up your willingness to help.	[reply]