[Moin-user] On logging out and hashed passwords
Brian Gallew
geek+ at cmu.edu
Sun Feb 13 16:00:11 EST 2005
Actually, there is one very good reason for storing an encrypted version
of the password: people re-use passwords. Yes, effectively you end up
with a new, unencrypted password (that just happens to look like a lot
of random garbage), but it's highly unlikely that string will match the
end user's password anywhere else. OTOH, it's quite likely that the end
user has two or three passwords they use for personal stuff. This means
that getting their "real" password off the wiki might give the attacker
access to some other resource unrelated to the wiki in question.
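
Added example, not part of the original message and not MoinMoin code: a toy model of the argument above, comparing what a leaked wiki record is worth when the wiki stores the password as-is versus a salted hash. The `Site` class, the PBKDF2 choice, the sample password and the idea that the wiki accepts the stored string directly are all assumptions of this sketch.

```python
import hashlib
import hmac
import os


def pbkdf2_hex(password: str, salt: bytes) -> str:
    # PBKDF2-HMAC-SHA256 is this example's choice; the post names no algorithm.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()


class Site:
    """Toy account store (hypothetical, not MoinMoin code)."""

    def __init__(self, store_hashed: bool):
        self.store_hashed = store_hashed
        self.records = {}  # user -> (salt, stored string)

    def _derive(self, password: str, salt: bytes) -> str:
        return pbkdf2_hex(password, salt) if self.store_hashed else password

    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self.records[user] = (salt, self._derive(password, salt))

    def login(self, user: str, password: str) -> bool:
        salt, stored = self.records[user]
        return hmac.compare_digest(self._derive(password, salt).encode(), stored.encode())

    def accepts_stored_value(self, user: str, value: str) -> bool:
        # Assumption: the site treats the stored string itself as a credential
        # (for example in a cookie), which is the post's "new password".
        return hmac.compare_digest(value.encode(), self.records[user][1].encode())


def leak_impact(wiki_hashes: bool) -> dict:
    password = "correct horse 42"  # constructed sample, reused on both sites
    wiki, other = Site(wiki_hashes), Site(True)
    wiki.register("alice", password)
    other.register("alice", password)
    leaked = wiki.records["alice"][1]  # what someone reading the wiki's user data sees
    return {
        "works_on_wiki": wiki.accepts_stored_value("alice", leaked),
        "works_elsewhere": other.login("alice", leaked),
    }


if __name__ == "__main__":
    print("hashed:   ", leak_impact(True))
    print("plaintext:", leak_impact(False))
```

In both cases the leaked string still opens the wiki account, but only the plaintext record carries over to the second site.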