in reply to Re: ??Mnemonic Passwords??
in thread ??Mnemonic Passwords??
crypt and other one-way hashing algorithms are not appropriate for every application. Ever try to maintain thousands of user accounts where everyone's password is crypt'ed? It's no fun when you have no way of reminding them what their password is when they forget. Storing passwords in the clear may not be the most secure thing in the world, but if the application isn't critical the convenience may FAR outweigh the lack of security. Both Slashdot and Perlmonks store their password lists un-crypt'ed for that very reason, so that they can email it to people who forget.
The original poster's ROT13 encryption might not be secure, but it's at least reversable, which gives you (slightly) more security than storing plaintext passwords. Sure, he's putting up a chain-link fence instead of a guard tower, but there's a reason why people still use chain-link fences. :-)
Gary Blackburn
Trained Killer
|
---|
Replies are listed 'Best First'. | |
---|---|
Re: Re: Re: ??Mnemonic Passwords??
by tachyon (Chancellor) on Jan 02, 2003 at 04:54 UTC | |
by Trimbach (Curate) on Jan 02, 2003 at 05:52 UTC |
In Section
Seekers of Perl Wisdom