Comments
-
Joke is on the haxer. In fact the passwords are used as an input into a hash function whose value is used to look up the real password from a remote system. Ha!
-
matanl26448y @nickhh and why couldn't the h4x0r reverse engineer that hash function exactly? Obscuring is not securing.
-
@matanl @nickhh You're right, you're adding another level of complexity which
1. Doesn't need to be there
2. Adds another service to run, audit and uptime costs
3. Adds another attack vector
4. May add a vuln allowing the attacker to skip remote password checks
Related Rants
Everybody complains about SHA-1.
I'm so glad that I store passwords in plain text.
;-)
undefined
security
passwords
plain text
sha1
wk47