[conspire] Password storage (was: Conspire Hey!)

Nick Moffitt nick at zork.net
Fri Nov 16 01:55:01 PST 2012

Rick Moen:
> 2.  (worse)  Yahoo was storing sensitive passwords in _plaintext_.
> You never, never, ever do that.  That's a chump error.  (If you are
> able to get security-sensitive passwords[1] looked up and mailed to
> you, for example, then somebody is making a chump error with your
> data.)

This!  A thousand times, this!

I've taken to signing up for web accounts (which I do super rarely) with
passwords that contain all of the usual input sanitization baddies: `;'\
just for a start.  If the site says that I must not use those
characters, I jump to a particular conclusion: they are doing input
sanitization on my password because they want to store and manipulate it
in cleartext.  They probably weed out the ; and ' because they want to
pass my actual password straight to an SQL INSERT statement or
something, and don't want me to inject my own SQL.

I have no problem with input sanitizing actual clear-text fields.  There
are ways to do it that don't become apparent to the user, but I won't
balk *too* strongly if they forbid me an apostrophe in my e-mail
address.  But the *password*?  They should be storing a normalized hash,
as Rick explained.

Though the great song return no more
There's keen delight in what we have:
The rattle of pebbles on the shore
Under the receding wave.  -- W. B. Yeats

More information about the conspire mailing list