Gentoo Forums: On register, password is emailed in plaintext
Message
- throwaway12394
- n00b
- Posts: 3
- Joined: Sun Aug 02, 2020 4:29 am
Gentoo Forums: On register, password is emailed in plaintext
I just registered this account for unrelated emails. It appears my password has been sent to me in plaintext. This is far from best practice. While fixing I'd also recommend double-checking that passwords are hashed+salted within the database appropriately.
- NeddySeagoon
- Administrator
- Posts: 56100
- Joined: Sat Jul 05, 2003 9:37 am
- Location: 56N 3W
Moved from Networking & Security to Gentoo Forums Feedback.
Yes, passwords are hashed. I'm not sure about salted.
The forums uses phpBB 2.0.23-gentoo-p11, which is well past its use by date.
There is an upgrade to phpBB 3.x in the works, so any fixes to 2.0.23 are unlikely.
Yes, passwords are hashed. I'm not sure about salted.
The forums uses phpBB 2.0.23-gentoo-p11, which is well past its use by date.
There is an upgrade to phpBB 3.x in the works, so any fixes to 2.0.23 are unlikely.
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Passwords are stored MD5 hashed and thrown away after the email is sent.
You're right it's far from best practice, but that's why everyone uses a password manager with strong random per-site passwords nowadays, right? :)
You're right it's far from best practice, but that's why everyone uses a password manager with strong random per-site passwords nowadays, right? :)
anything new about the forum upgrade?
Forum Guidelines
PFL - Portage file list - find which package a file or command belongs to.
My delta-labs.org snippets do expire
PFL - Portage file list - find which package a file or command belongs to.
My delta-labs.org snippets do expire
a question for viewtopic.php?p=8427828Banana wrote:anything new about the forum upgrade?