Hi,
On Fri, Apr 8, 2011 at 12:10 AM, Joey Kelly <joey@joeykelly.net> wrote:
> http://www.bbc.co.uk/news/technology-12983734
>
> The Frenchies want to force all websites to store passwords in plaintext. With
> all the data breaches going on, can't they figure out that having everyone's
> plaintext passwords stolen is a lot worse than having hashed credentials
> snatched?
I doubt the politicians even understand that Google et al don't even
_have_ lists of passwords, but rather hashes as you say. It seems to
be more of a data retention law than anything else. They probably
assume that "obviously" Google has your gmail password because you
type it in to get to your account. I doubt they really intend to
change how logins work, even though that would have to happen for
online services to comply with the proposed law.
Although, as someone on lwn suggested, maybe the intent is to be able
to get the passwords themselves (rather than just access to the
account) because people usually reuse id/pw for multiple sites.
DSB
___________________
Nolug mailing list
nolug@nolug.org
Received on 04/07/11
This archive was generated by hypermail 2.2.0 : 04/08/11 EDT