Aren’t we supposed to be better than this?

From the recent blogs.perl.org hacking:

The password is salted and encrypted (with crypt)

This is what I expect out of the PHP community.


One Response to Aren’t we supposed to be better than this?

  1. Dave Cross says:

    This is, of course, the problem of using off-the-shelf software for services like this. It’s very tempting to stick with the software’s default encryption techniques.

    More worrying is the Movable Type documentation’s assertion that:

    Because the password is one-way encrypted, there is no way of recovering the initial password.

    We’ll be looking at a way to strengthen that encryption.
