Rich
2018-04-08 15:04:21 UTC
####################################################################
# ATTENTION: This post is a reference to a website. The poster of #
# this Usenet article is not the author of the referenced website. #
####################################################################
<URL:https://www.privateinternetaccess.com/blog/2018/04/another-day-anot
her-breach-at-what-point-does-storing-passwords-in-plaintext-become-crim
inally-negligent/>
# ATTENTION: This post is a reference to a website. The poster of #
# this Usenet article is not the author of the referenced website. #
####################################################################
<URL:https://www.privateinternetaccess.com/blog/2018/04/another-day-anot
her-breach-at-what-point-does-storing-passwords-in-plaintext-become-crim
inally-negligent/>
The third largest breach ever in Finland happened yesterday. Passwords
were stored in plaintext. At T-Mobile Austria, they explain that of
course they store the password in plaintext, but they have so good
security so it's nothing to worry about. At what point does this become
criminally negligent?
News of the Finnish breach (Google Translate) arrived yesterday, and
while there isn't a lot of details, we learn two important things: the
leak was relatively big (the third largest in Finland), and cleartext
passwords with usernames leaked, because they had hundreds of thousands
of passwords stored in cleartext.
... and they had passwords stored in cleartext.
This is so bad security, it should not exist anywhere, period. It should
not even be taught in a coding class as an intermediate step on the way
to how to do it the right way.
1) You don't need to store a password in cleartext to check it against a
new input of the same password. You use something called a salted hash
of the password, which means that you scramble it in a one-way method
that it can't be unscrambled, but the scrambled result can be compared
to a second scramble with the same method of the typed password (and if
they match, it was the same password to begin with).
2) The leak of a plaintext password can be catastrophic for the user
concerned, and the possibility of an external or internal breach must
always be taken into account. No matter how small the possibility, if
the consequences are big enough, we need to take precautions.
...
were stored in plaintext. At T-Mobile Austria, they explain that of
course they store the password in plaintext, but they have so good
security so it's nothing to worry about. At what point does this become
criminally negligent?
News of the Finnish breach (Google Translate) arrived yesterday, and
while there isn't a lot of details, we learn two important things: the
leak was relatively big (the third largest in Finland), and cleartext
passwords with usernames leaked, because they had hundreds of thousands
of passwords stored in cleartext.
... and they had passwords stored in cleartext.
This is so bad security, it should not exist anywhere, period. It should
not even be taught in a coding class as an intermediate step on the way
to how to do it the right way.
1) You don't need to store a password in cleartext to check it against a
new input of the same password. You use something called a salted hash
of the password, which means that you scramble it in a one-way method
that it can't be unscrambled, but the scrambled result can be compared
to a second scramble with the same method of the typed password (and if
they match, it was the same password to begin with).
2) The leak of a plaintext password can be catastrophic for the user
concerned, and the possibility of an external or internal breach must
always be taken into account. No matter how small the possibility, if
the consequences are big enough, we need to take precautions.
...