[Moin-user] Re: On logging out and hashed passwords

Alexander Schremmer 2004b at usenet.alexanderweb.de
Mon Feb 14 10:44:43 EST 2005


On Sun, 13 Feb 2005 18:51:47 +0100, Malte Helmert wrote:

> Another issue, a question regarding hashed passwords: Since it is 
> possible to login with the encrypted password, what is the point of 
> storing them in encrypted form? Everyone who can read the encrypted 
> password can do everything they could do if they could read the 
> unencrypted password, so doesn't this promote a false sense of security?

It does. This will hopefully be fixed in 1.4.

Kind regards,
Alexander





More information about the Moin-user mailing list