[plug] ISPs storing plain-text passwords...
James Bromberger
james at rcpt.to
Mon Aug 6 21:34:05 WST 2001
On Mon, Aug 06, 2001 at 08:27:43PM +0800, Kim Covil wrote:
> I suppose there are a number of issues here...
>
<chomp list>
And if a scheme like this is used, why not force a minimum length of, say,
7 characters, and only disclose 4 of these to support staff. That's still
equivalent length to many people's PIN numbers but of corse, not 10
possibilities but around 100 (I think 4 is the default length for ATM
cards, etc), yet still gives enough combinations that it isn't completely
trivial for the ISP staff to use the password (without having root).
James
--
James Bromberger <james_AT_rcpt.to> www.rcpt.to/~james
Remainder moved to http://www.rcpt.to/~james/james/sig.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: <http://lists.plug.org.au/pipermail/plug/attachments/20010806/2a7cdad8/attachment.pgp>
More information about the plug
mailing list