Re: [Nolug] sheer stupidity

From: Jeremy (mailing list account) <listbox_at_unix-boy.com>
Date: Fri, 08 Apr 2011 00:30:16 -0500
Message-ID: <4D9E9D68.90703@unix-boy.com>

On 4/7/2011 7:10 PM, Joey Kelly wrote:
> http://www.bbc.co.uk/news/technology-12983734
>
> The Frenchies want to force all websites to store passwords in plaintext. With
> all the data breaches going on, can't they figure out that having everyone's
> plaintext passwords stolen is a lot worse than having hashed credentials
> snatched?
>
> Stupid, stupid, stupid.
>

As Ron had hinted earlier, most people aren't going to care.
Especially when you consider that the concept of "privacy" is undergoing
a fundamental change with the rise of sites like Facebook, Twitter and
MySpace that encourage people to share it all, even details and things
we would never have thought would be shared.

Throw in a bit of "fighting terrorism", a dash of "think of the
children" and law enforcement gets what it wants.

On a practical note though, assuming one can get the hash algorithm used
for the password encryption, most governments already have the computing
power at their disposal to generate rainbow tables for the vast majority
of passwords quite easily. In fact, given the information on these(*)
pages, most people's passwords are so weak that one need not work too
hard at generating those rainbow tables...

*: http://www.whatsmypass.com/the-top-500-worst-passwords-of-all-time
 : http://www.tomshardware.com/news/imperva-rockyou-most-common-passwords,9486.html

-Jeremy
___________________
Nolug mailing list
nolug@nolug.org
Received on 04/08/11
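
The point in the message above about precomputed tables and weak passwords, as an added example that is not part of the original thread: it contrasts unsalted hashing with per-user salted PBKDF2 and includes an audit check for colliding stored values. The account names, passwords, function names and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict
from typing import Optional

PBKDF2_ITERATIONS = 200_000  # assumption: work factor picked for this example

def unsalted_sha256(password: str) -> str:
    """Weak scheme: the same password always yields the same stored value,
    so one precomputed entry applies to every account that uses it."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_record(password: str, salt: Optional[bytes] = None):
    """Per-user random salt plus a slow KDF; returns (salt, derived_key)."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, key

def verify(password: str, salt: bytes, key: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, key)

def shared_hash_groups(store: dict) -> list:
    """Audit check: groups of users whose stored values are identical.
    Any group here means the store is unsalted (or salts are reused)."""
    groups = defaultdict(list)
    for user, stored in store.items():
        groups[stored].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)

# Constructed sample accounts, not real data.
SAMPLE_USERS = {
    "alice": "123456",
    "bob": "password",
    "carol": "123456",
    "dave": "x7!Lq-unique",
}

def demo():
    """Return the collision groups found in the weak and the salted store."""
    weak = {u: unsalted_sha256(p) for u, p in SAMPLE_USERS.items()}
    strong = {u: b"".join(salted_record(p)).hex() for u, p in SAMPLE_USERS.items()}
    return shared_hash_groups(weak), shared_hash_groups(strong)

if __name__ == "__main__":
    weak_groups, strong_groups = demo()
    print("unsalted collisions:", weak_groups)
    print("salted collisions:  ", strong_groups)
```
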
