Learn More
Resend Email
166
Worst bad practice(s) you do anyway?
Week 47 Group Rant
GC97
7y

Everybody complains about SHA-1.
I'm so glad that I store passwords in plain text.

;-)

undefined

security

passwords

plain text

sha1

wk47
Favorite
Ranter
Comments
  • 8
    7y
    @SHA-256
  • 7
    7y
    /me to se rescue
  • 0
    7y
    Joke is on the haxer. In fact the passwords are used as an input into a hash function whose value is used to look up the real password from a remote system. Ha!
  • 3
    7y
    @nickhh and why couldn't the h4x0r reverse engineer that hash function exactly? Obscuring is not securing
  • 1
    7y
    Loool... I sharted when laughing to this
  • 2
    7y
    @matanl @nickhh You're right, you're adding another level of complexity which

    1. Doesnt need to be there

    2. Adds another service to run, audit and uptime costs

    3. Adds another attack vector

    4. May add a vuln allowing the attacker to skip remote password checks
  • 1
    7y
    @matanl I know. I wasn't serious.
  • 4
    7y
    @GC97 There's nothing wrong with me!
  • 0
    7y
    Hope driven development.
Related Rants
devRant © 2021 Hexical Labs LLC
Privacy Policy  |  Terms of Service
Add Comment