[Chugalug] Why you don't store passwords, explained

Dave Brockman dave at brockmans.com
Tue Nov 5 22:06:36 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/5/2013 4:07 PM, Stephen Kraus wrote:
> Its more 'why you don't just encrypt your password database with a
>  broken encryption system'
> 
> Hash storage is what they were supposed to do.

No, it's "don't store passwords, including encrypted versions of
passwords".  Hashes != passwords.  This isn't one of those
applications that should actually save recoverable passwords.  That's
what KeePass is for, not Adobe's back-end licensing server(s).

Regards,

dtb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJSeWvsAAoJEMP+wtEOVbcde0IH/2FvJKNYxjuwSYNzzs2McYSE
NRJFUlLJqCUeEun/jUdkSvxw1auGa439Fu6vengGtcp2DUiggr19lfQrOsK6Yu4w
j1g4wh20ySdOMfE7Q6fZL4/akBv7A6anNdDpnul4d9vs4Qg2edj9umWbM1CK6xSs
PKLTnH1ZZ1Luz2vLm/dpLZtSxiUmMKuwrfE6asf6aE0OVWrJWpoUdwNpT5qT/Pnq
IAd0sBLVRfdbdAq6qp5LbNia32+mGc3RBAwPGCfAAVK0A9+hiAkK/9X9c4uye6kS
SLYf/cX+q5/2TWfTZZ6JWH52rjBU28KC2hzgc7es6saYGJgR5QIZ0x3OvC+55zs=
=YrVA
-----END PGP SIGNATURE-----


More information about the Chugalug mailing list