NP-Hardass n00b

Joined: 24 Mar 2013 Posts: 3
Posted: Sun Mar 24, 2013 1:35 am Post subject: forums.gentoo.org password security
I just signed up for an account, and noticed that upon registration, my password was emailed in plaintext to me.
That's definitely a major no-no on its own. But since your system was able to send it to me in plaintext in the first place, I'm going to assume that they are also stored in plaintext... That's pretty bad security-wise. Can someone look into this and comment?
jpc22 Tux's lil' helper

Joined: 29 Jan 2012 Posts: 137
Posted: Sun Mar 24, 2013 1:49 am Post subject:
Cannot confirm if they are stored in plain text, but I did not pay attention to that when I signed up.
Otherwise I think/hope the rest of Gentoo services/features are safer.
Forum password safety is not that dramatic compared to other stuff that could be compromised like mirrors, but it still needs to be addressed like you pointed out.
Ant P. Veteran

Joined: 18 Apr 2009 Posts: 1920 Location: UK
NP-Hardass n00b

Joined: 24 Mar 2013 Posts: 3
Posted: Sun Mar 24, 2013 2:30 am Post subject:
Thanks for the response.
From what I've read online, the phpBB 2 systems use an unsalted hash. And we don't force the login to https, nor do we by default link to https from the gentoo.org website. So I think that alone is insufficient for a claim of mitigation.
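The unsalted-hash concern raised in the post above, as an added example that is not part of the thread and is not phpBB code: it stores the same constructed accounts once with an unsalted digest and once with a per-user salt and PBKDF2, then shows what someone reading each table can tell. Plain MD5 standing in for the unsalted scheme, the account names, the passwords and the iteration count are all assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts (made up for this illustration).
ACCOUNTS = [("alice", "hunter2"), ("bob", "correct horse"), ("carol", "hunter2")]
ITERATIONS = 200_000  # assumed work factor; tune upward for your hardware


def unsalted_record(password):
    # Assumption: plain MD5 stands in for the unsalted scheme the post describes.
    return hashlib.md5(password.encode()).hexdigest()


def salted_record(password, salt=None):
    # A fresh random salt per user, fed into a deliberately slow KDF.
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_salted(password, record):
    # Recompute with the stored salt and compare in constant time.
    salt, expected = record
    return hmac.compare_digest(salted_record(password, salt)[1], expected)


def shared_digests(table):
    """Group users whose stored value is identical, as a reader of the table would see."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def build_tables():
    unsalted = {user: unsalted_record(pw) for user, pw in ACCOUNTS}
    salted = {user: salted_record(pw) for user, pw in ACCOUNTS}
    return unsalted, salted


if __name__ == "__main__":
    unsalted, salted = build_tables()
    # Unsalted: equal passwords give equal digests, so reuse is visible and one
    # precomputed lookup table works against every account at once.
    print("unsalted, users sharing a digest:", shared_digests(unsalted))
    # Salted: every record is unique, so each account must be attacked separately.
    print("salted, users sharing a digest:", shared_digests(salted))
    print("login still verifies:", verify_salted("hunter2", salted["alice"]))
```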
krinn Advocate


Joined: 02 May 2003 Posts: 3677
Posted: Sat Mar 30, 2013 2:08 pm Post subject:
Ant P. wrote:
In short you have nothing to worry about, as long as the URL bar starts with "https:".
as long as you don't read that mail from a public wifi
just like it's funny to see so many people using mail checker on their laptop and running everywhere with it enabled.