Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister
 
PerlMonks  

Re^3: Status of Recent User Information Leak

by Anonymous Monk
on Aug 04, 2009 at 09:00 UTC ( [id://785695]=note: print w/replies, xml ) Need Help??


in reply to Re^2: Status of Recent User Information Leak
in thread Status of Recent User Information Leak

each account somebody has should have it's own independent password

This is an ideal. Personally I juggle about 10 different passwords in my head. A unique one for EVERY site that needs access? Impossible. A password manager? Not on every access point I use.

I was using a password on this site I share with other non-critical systems so there was no risk of any commercial system being accessed using the exposed password. However I did have to go and change my generic password on the other websites on which I use it.

The problem with computer development is that it is a small part science and a large part art. A large part of it is managing risk. How much risk do you take using 1 password vs convenience? How about 5 passwords vs convenience. How about 250 (pretty inconvenient for me, I can't even name every bone in the body.. might work for surgeons though..)?

Now trade the effort required to salt and store passwords. Hmm, about 3 minutes using the crypt() function. How much risk is alleviated doing this? More than enough to mandate it for any web project.

Replies are listed 'Best First'.
Re^4: Status of Recent User Information Leak
by ysth (Canon) on Aug 05, 2009 at 07:13 UTC

      The way cookies are done also needs to be changed.

      And that leads to requiring the entering of your existing password in order to be able to change your password.

      And that leads to providing a way to get around the above protection which leads to wanting a "security question and answer" and also adding some restrictions and notifications around attempts to change one's e-mail address.

      And then there is the whole "sending password in plain-text" being required to login so we need to make login require (or at least support and probably strongly encourage) https.

      And that leads to replacing the "login nodelet".

      And nobody who actually currently does any significant work on maintaining this site was around when whoever made that first decision to not bother to hash passwords (as far as I know).

      And tons of people have gotten their password e-mailed to them and not raised a tantrum like several people have recently so "plain-text passwords" hasn't been much of a hot topic over all these years.

      And then there is that just using Perl's crypt (as suggested) would have meant that most (or certainly a large fraction) of the passwords I've seen would have been easily found anyway with standard dictionary attacks.

      And even if I'd chosen a password that I was confident wouldn't be found in a 'crack' dictionary, I'd still go change any places where I'd re-used it once the hacking of the site was reported (I'd just be less panicked while doing so).

      (But, yes, hashing passwords is an obvious best practice and something we regret not implementing sooner.)

      - tye        

Re^4: Status of Recent User Information Leak
by ysth (Canon) on Aug 05, 2009 at 03:24 UTC

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://785695]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others studying the Monastery: (3)
As of 2024-03-19 11:54 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found