16 upvotes, 3 direct replies (showing 3)
View submission: Reddit's Streak of Bad Luck Continues...
I thought hashing passwords was a standard security practice?
And it's a practically meaningless security practice as well for websites that don't use SSL. The weakest link in the security chain is all the data that's sent in the clear over the wires.
Comment by praetorian42 at 14/12/2006 at 22:22 UTC
8 upvotes, 0 direct replies
I don't know about you guys, but on all of my login forms I've created I prehash the password using javascript and clear out the 'password' input box, so that it is never transferred cleartext (gracefully decaying, of course).
Sure, if someone picks up on the hash in transfer it won't prevent them from logging into the site, but at least it will prevent them from logging into their email or bank account if they use the same password.
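The trade-off described in the comment above, as an added example that is not part of the original thread: the prehash keeps the raw password off the wire, but the server has to treat the received value as the password and store only a salted slow hash of it. The function names, site strings and sample password are constructed, and binding the prehash to site and username is an assumption of this sketch.

```javascript
// Added illustration; names, site strings and the password are constructed.
const { createHash, randomBytes, scryptSync, timingSafeEqual } = require('node:crypto');

// Client side: hash before submitting so the raw password never crosses the
// wire. In a browser this would be crypto.subtle.digest; Node stands in here.
// Mixing in site and username is an assumption of this sketch, so the value
// sent to one site is not a valid credential for another.
function clientPrehash(site, username, password) {
  return createHash('sha256').update(`${site}\0${username}\0${password}`).digest('hex');
}

// Server side: the received prehash IS the password for this site, so store
// only a salted, slow-KDF verifier of it, never the prehash itself.
function register(db, username, prehash) {
  const salt = randomBytes(16);
  db.set(username, { salt, verifier: scryptSync(prehash, salt, 32) });
}

function login(db, username, prehash) {
  const rec = db.get(username);
  if (!rec) return false;
  return timingSafeEqual(scryptSync(prehash, rec.salt, 32), rec.verifier);
}

// Constructed walk-through of one registration and the checks that matter.
function demo() {
  const db = new Map();
  const password = 'correct horse battery staple';
  const onWire = clientPrehash('news.example', 'alice', password);
  register(db, 'alice', onWire);
  return {
    passwordOnWire: onWire.includes(password),
    capturedValueLogsInHere: login(db, 'alice', onWire),
    sameValueForOtherSite: onWire === clientPrehash('bank.example', 'alice', password),
    databaseHoldsWireValue: db.get('alice').verifier.toString('hex') === onWire,
    wrongPasswordAccepted: login(db, 'alice', clientPrehash('news.example', 'alice', 'guess')),
  };
}

console.log(demo());
```

Only `capturedValueLogsInHere` comes back true, which is the limitation the comment concedes: without an encrypted transport the submitted value still works as a login credential for this one site.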
Comment by stesch at 14/12/2006 at 22:02 UTC
4 upvotes, 0 direct replies
Or how securely the backup is stored.
Comment by zoomzoom83 at 15/12/2006 at 01:47 UTC
2 upvotes, 0 direct replies
Yes, but to be honest you're much more likely to have your passwords stolen from a hacked or stolen database than being sniffed over the internet.
Perhaps reddit could implement an SSL Login?