<div dir="ltr">dave is drawing a distinction between an encrypted password and the password's hash. it's subtle, but it's there.<div><br></div><div>-wes</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">

On Tue, Nov 5, 2013 at 2:24 PM, Stephen Kraus <span dir="ltr"><<a href="mailto:ub3ratl4sf00@gmail.com" target="_blank">ub3ratl4sf00@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

<p dir="ltr">Um, correct me if I'm wrong, but a back end for a licensing server for your products should have the usernames and passwords associated with the keys stored....how else would you associate an account with its users data?</p>



<p dir="ltr">And correct me if I'm wrong but if I (Sagan forbid) lose the password associated with a very expensive product key, there had better be a recovery route.</p><div class="HOEnZb"><div class="h5">
<div class="gmail_quote">On Nov 5, 2013 5:21 PM, "Dave Brockman" <<a href="mailto:dave@brockmans.com" target="_blank">dave@brockmans.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">


-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA1<br>
<br>
On 11/5/2013 4:07 PM, Stephen Kraus wrote:<br>
> Its more 'why you don't just encrypt your password database with a<br>
>  broken encryption system'<br>
><br>
> Hash storage is what they were supposed to do.<br>
<br>
No, it's "don't store passwords, including encrypted versions of<br>
passwords".  Hashes != passwords.  This isn't one of those<br>
applications that should actually save recoverable passwords.  That's<br>
what KeePass is for, not Adobe's back-end licensing server(s).<br>
<br>
Regards,<br>
<br>
dtb<br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v2.0.17 (MingW32)<br>
Comment: Using GnuPG with Thunderbird - <a href="http://www.enigmail.net/" target="_blank">http://www.enigmail.net/</a><br>
<br>
iQEcBAEBAgAGBQJSeWvsAAoJEMP+wtEOVbcde0IH/2FvJKNYxjuwSYNzzs2McYSE<br>
NRJFUlLJqCUeEun/jUdkSvxw1auGa439Fu6vengGtcp2DUiggr19lfQrOsK6Yu4w<br>
j1g4wh20ySdOMfE7Q6fZL4/akBv7A6anNdDpnul4d9vs4Qg2edj9umWbM1CK6xSs<br>
PKLTnH1ZZ1Luz2vLm/dpLZtSxiUmMKuwrfE6asf6aE0OVWrJWpoUdwNpT5qT/Pnq<br>
IAd0sBLVRfdbdAq6qp5LbNia32+mGc3RBAwPGCfAAVK0A9+hiAkK/9X9c4uye6kS<br>
SLYf/cX+q5/2TWfTZZ6JWH52rjBU28KC2hzgc7es6saYGJgR5QIZ0x3OvC+55zs=<br>
=YrVA<br>
-----END PGP SIGNATURE-----<br>
_______________________________________________<br>
Chugalug mailing list<br>
<a href="mailto:Chugalug@chugalug.org" target="_blank">Chugalug@chugalug.org</a><br>
<a href="http://chugalug.org/cgi-bin/mailman/listinfo/chugalug" target="_blank">http://chugalug.org/cgi-bin/mailman/listinfo/chugalug</a><br>
</blockquote></div>
</div></div><br>_______________________________________________<br>
Chugalug mailing list<br>
<a href="mailto:Chugalug@chugalug.org">Chugalug@chugalug.org</a><br>
<a href="http://chugalug.org/cgi-bin/mailman/listinfo/chugalug" target="_blank">http://chugalug.org/cgi-bin/mailman/listinfo/chugalug</a><br>
<br></blockquote></div><br></div>