61 upvotes, 2 direct replies (showing 2)
View submission: Reddit's Streak of Bad Luck Continues...
That is completely irresponsible. Hashing passwords is a joke to implement.
Comment by duketime at 14/12/2006 at 21:41 UTC
6 upvotes, 1 direct replies
Exactly.
It is probably as basic as a salt and two method invocations (creation and login).
(Er. And some regression testing.)
Comment by spez at 15/12/2006 at 01:30 UTC
30 upvotes, 7 direct replies
It is [easy to implement], and I'll go ahead and do it now that everyone has decided to weigh in.
Personally, I prefer the convenience of having my passwords emailed to me when I forget, which happens from time to time since I use different passwords everywhere.
Not hashing was a design decision we made in the beginning, and it didn't stem from irresponsibility-- it stemmed from a decision to provide functionality that I liked.
It bit us in the ass this time, and we are truly sorry for it. The irresponsibility (and there is some) was allowing our data to get nabbed.
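The "salt and two method invocations (creation and login)" mentioned in the thread, together with a reset token that stands in for emailing the password back, as an added example that is not part of any comment and is not Reddit's code. All function names, the PBKDF2 work factor and the token lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Assumed work factor and token lifetime (illustrative values, not from the thread).
PBKDF2_ITERATIONS = 600_000
RESET_TTL_SECONDS = 15 * 60


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def create_password_record(password: str) -> dict:
    """Creation: keep a per-user random salt and the derived hash, never the password."""
    salt = secrets.token_bytes(16)
    return {"salt": salt.hex(), "hash": _derive(password, salt).hex()}


def verify_password(password: str, record: dict) -> bool:
    """Login: re-derive with the stored salt and compare in constant time."""
    candidate = _derive(password, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


def issue_reset_token(record: dict) -> str:
    """Forgotten password: mail a short-lived one-time token, not the password.
    Only the token's SHA-256 is stored, so a copied table cannot redeem it."""
    token = secrets.token_urlsafe(32)
    record["reset_hash"] = hashlib.sha256(token.encode()).hexdigest()
    record["reset_expires"] = time.time() + RESET_TTL_SECONDS
    return token


def redeem_reset_token(token: str, new_password: str, record: dict) -> bool:
    """Accept a valid, unexpired token once, then replace salt and hash."""
    expected = record.get("reset_hash")
    if expected is None or time.time() > record.get("reset_expires", 0):
        return False
    presented = hashlib.sha256(token.encode()).hexdigest()
    if not hmac.compare_digest(presented, expected):
        return False
    del record["reset_hash"], record["reset_expires"]
    record.update(create_password_record(new_password))
    return True
```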