by kpcyrd
4035 days ago

> After the first shock of seeing iCloud passwords stored in clear text (how hard would it be to encrypt them?)

Not going to defend shady businesses, but I dislike this knee-jerk reaction without understanding the actual issue.

I've seen software that encrypts (encrypts, not hashes) passwords for security™, but stores the secret in the database, too. Sure, technically they didn't store plaintext passwords, but practically they did.

What you could do to defend the passwords:

* hash them - doesn't work in this case, because it's not an authentication system
* symmetrically encrypt them - useless, the secret would be stored on the compromised server
* asymmetrically encrypt them - works, assuming the private key isn't stored on the server. Therefore, it's not possible to decrypt the passwords from within the application again.
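
The asymmetric option from the list above, as an added example (not code from the comment or its author): the server holds only a public key and ciphertexts, and decryption happens where the private key is kept. It assumes RSA-OAEP from the Go standard library; `Vault`, `Store`, `Open` and `Demo` are hypothetical names, the credential is constructed sample data, and binding each ciphertext to its account through the OAEP label goes beyond what the comment describes.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Vault is all the internet-facing server holds: a public key and ciphertexts.
type Vault struct {
	pub     *rsa.PublicKey
	records map[string][]byte // account -> RSA-OAEP ciphertext
}

// Store encrypts a credential on the server. The account name is the OAEP
// label, so a ciphertext copied into another account's row will not decrypt.
func (v *Vault) Store(account, password string) error {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, v.pub, []byte(password), []byte(account))
	if err != nil {
		return err
	}
	v.records[account] = ct
	return nil
}

// Open runs only on the host that keeps the private key, never in the web app.
func Open(priv *rsa.PrivateKey, account string, ct []byte) (string, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, []byte(account))
	return string(pt), err
}

// Demo uses a constructed key pair and credential; it returns the offline
// decryption result and whether a record swapped between accounts was rejected.
func Demo() (string, bool, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", false, err
	}
	v := &Vault{pub: &priv.PublicKey, records: map[string][]byte{}}
	if err := v.Store("alice@example.com", "constructed-sample-pw"); err != nil {
		return "", false, err
	}
	got, err := Open(priv, "alice@example.com", v.records["alice@example.com"])
	_, swapErr := Open(priv, "bob@example.com", v.records["alice@example.com"])
	return got, swapErr != nil, err
}

func main() { fmt.Println(Demo()) }
```

In a real deployment the key pair is generated on the offline host and only the public half is shipped to the server; `Demo` creates both in one process solely so the example runs on its own.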