[180176] in North American Network Operators' Group


Re: gmail security is a joke

daemon@ATHENA.MIT.EDU (William Herrin)
Wed May 27 10:28:45 2015

X-Original-To: nanog@nanog.org
X-Really-To: <nanog@nanog.org>
In-Reply-To: <CACnPsNW7W1u-cXBFVy8j3xEV1FEBXsT1C_+kYT4MMXXa9Uf+Kw@mail.gmail.com>
From: William Herrin <bill@herrin.us>
Date: Wed, 27 May 2015 10:28:12 -0400
To: Scott Howard <scott@doc.net.au>
Cc: John Levine <johnl@iecc.com>, "Aaron C. de Bruyn" <aaron@heyaaron.com>,
 NANOG mailing list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

On Tue, May 26, 2015 at 4:10 PM, Scott Howard <scott@doc.net.au> wrote:
> On Tue, May 26, 2015 at 12:28 PM, Aaron C. de Bruyn <aaron@heyaaron.com>
> wrote:
>> If they can e-mail you your existing password (*cough*Netgear*cough*),
>> it means they are storing your credentials in the database
>> un-encrypted.
>
> No, it doesn't mean that at all.  It means they are storing it unhashed
> which is probably what you mean.

Hi Scott,

It means they're storing it in a form that reduces to plain text
without human intervention. Same difference. Encrypted at rest matters
not, if all the likely attack vectors go after the data in transit.

Regards,
Bill Herrin


-- 
William Herrin ................ herrin@dirtside.com  bill@herrin.us
Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
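
The distinction argued in this thread, as an added example that is not part of the original message: a record the service can decrypt unattended can be turned back into the password by any code path running as the service, while a salted scrypt record can only be checked against a guess. All names here are hypothetical, and the SHA-256 counter keystream is a standard-library stand-in for a real cipher, used only so the sketch runs offline.

```python
import hashlib
import hmac
import os

# Assumption: a key the application can read without human intervention.
SERVICE_KEY = os.urandom(32)

def _keystream(key, nonce, n):
    """SHA-256 in counter mode; illustrative stand-in for a real cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def store_reversible(password):
    """'Encrypted at rest': the record is nonce || ciphertext."""
    nonce, data = os.urandom(16), password.encode()
    ks = _keystream(SERVICE_KEY, nonce, len(data))
    return nonce + bytes(a ^ b for a, b in zip(data, ks))

def recover_reversible(record):
    """What a 'mail me my password' feature does: reduce the record to plain text."""
    nonce, ct = record[:16], record[16:]
    ks = _keystream(SERVICE_KEY, nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks)).decode()

def store_hashed(password):
    """One-way storage: the record is salt || scrypt digest."""
    salt = os.urandom(16)
    return salt + hashlib.scrypt(password.encode(), salt=salt,
                                 n=2**14, r=8, p=1, dklen=32)

def verify_hashed(record, attempt):
    """The only operation a hashed record supports: compare against a guess."""
    salt, digest = record[:16], record[16:]
    candidate = hashlib.scrypt(attempt.encode(), salt=salt,
                               n=2**14, r=8, p=1, dklen=32)
    return hmac.compare_digest(digest, candidate)

if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample value
    print(recover_reversible(store_reversible(pw)))     # service recovers it
    print(verify_hashed(store_hashed(pw), pw))          # service can only verify
```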
