in reply to Re^3: It's Time for Everyone to Change Passwords!
in thread It's Time for Everyone to Change Passwords!

If the passwords were encrypted, as they should be, then the current password reminder function would not be possible.

I know this thread is about something far more serious then nitpicking wording, but I still feel it necessary to point out the problem with your statement. Too many people that visit this site don't understand cryptography to know how to properly interpret what you have said.

You have implied that if something is encrypted, that it can't be decrypted ("not be possible"). I think you meant s/encrypted/hashed/ which is a cryptographic hash and is intended not to be reversible. So how could the data be stored in the database encrypted and still allow the passwords to be emailed decrypted in plain text? One way would be to use symmetric encryption such as AES. It uses the same key to encrypt and decrypt which means the key would need to be stored in a safe place. Since the box was rooted, it is unlikely a determined individual would not have been able to eventually find and decrypt the passwords. Asymmetric encryption wouldn't be practical as a means of storing passwords as I understand the PerlMonk's design.

In a nutshell, I agree that the passwords should be hashed which is what I believe you meant by encrypted.

Cheers - L~R