166
GC97
8y

Everybody complains about SHA-1.
I'm so glad that I store passwords in plain text.

;-)

Comments
  • 8
  • 7
    /me to se rescue
  • 0
    Joke is on the haxer. In fact the passwords are used as an input into a hash function whose value is used to look up the real password from a remote system. Ha!
  • 3
    @nickhh and why couldn't the h4x0r reverse engineer that hash function exactly? Obscuring is not securing
  • 1
    Loool... I sharted when laughing to this
  • 2
    @matanl @nickhh You're right, you're adding another level of complexity which

    1. Doesnt need to be there

    2. Adds another service to run, audit and uptime costs

    3. Adds another attack vector

    4. May add a vuln allowing the attacker to skip remote password checks
  • 1
    @matanl I know. I wasn't serious.
  • 4
    @GC97 There's nothing wrong with me!
  • 0
    Hope driven development.
Add Comment