Hacker News new | ask | show | jobs
by timaelliott 5098 days ago
They could have encrypted your password and decrypted it for that email. Still poor practices but there's nothing here to indicate what your title states.

The bottom of your article also suggests people use MD5 and salts, so clearly you aren't in a position to be criticizing anyone's password policy :)
2 comments
benjaminsull 5098 days ago
The privacy policy states the password is sent by one way encryption. That suggests it shouldnt be (easily) decryptable.

Regarding MD5/salts, the author says "for starters" and "at least" and directs the suggestion specifically to the owners of the website. To say he is "suggesting people use MD5 and salts" isnt very accurate.

link
Archit 5098 days ago
Hey timaelliott,

As benjaminsull mentioned, I wrote "for starters" and "at least!" ;)

link