[Tutor] Decrypting a Password

Alan Gauld alan.gauld at yahoo.co.uk
Sun Oct 9 07:26:44 EDT 2016


On 09/10/16 10:42, Steven D'Aprano wrote:

>> Are you sure? That's very bad practice and never needed
>> in the real world.
> 
> You've never used a password vault then?

That's true, I've never seen a secure one, so I never
use them. Same with browsers doing auto-authentication,
a terrible idea! But you are also correct that
they are a scenario where unencryption becomes
necessary - exactly why they are a bad idea!

Actually I don't mind them so much if they are
kept on a single personal device that is itself
secured (and the passwords are encrypted, of course),
but anywhere that the passwords are on a server and
that server provides an API to unencrypt is
inherently unsafe, even when using access keys.

>> So you should never need to see the plaintext
>> version of a password, that would be a bad
>> security hole.
> 
> If you don't know the plaintext version of the password, how do you type 
> it into the password field? :-)

Smiley noted, but for clarity I meant "you" as in
the recipient of the password not the originator.

-- 
Alan G
Author of the Learn to Program web site
http://www.alan-g.me.uk/
http://www.amazon.com/author/alan_gauld
Follow my photo-blog on Flickr at:
http://www.flickr.com/photos/alangauldphotos
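
The point above, that the recipient of a password never needs its plaintext, shown as an added Python example (not code from this thread or from either poster): the recipient stores a salted PBKDF2 record and checks a login by re-deriving and comparing. The record layout, function names and iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

ALGORITHM = "pbkdf2_sha256"  # label in the constructed record format
ITERATIONS = 600_000         # assumed work factor; tune for your hardware
SALT_BYTES = 16


def _derive(password: str, salt: bytes, rounds: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)


def hash_password(password: str, rounds: int = ITERATIONS) -> str:
    """Build the record the recipient stores; the plaintext is not kept."""
    salt = os.urandom(SALT_BYTES)  # fresh salt per password
    return f"{ALGORITHM}${rounds}${salt.hex()}${_derive(password, salt, rounds).hex()}"


def _parse(record: str):
    """Split a stored record; raise ValueError if it is malformed."""
    algorithm, rounds, salt_hex, digest_hex = record.split("$")
    if algorithm != ALGORITHM or int(rounds) < 1:
        raise ValueError("unsupported record")
    return int(rounds), bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)


def verify_password(password: str, record: str) -> bool:
    """Re-derive from the submitted password and compare in constant time."""
    try:
        rounds, salt, expected = _parse(record)
    except ValueError:
        return False  # fail closed on a corrupt or unknown record
    return hmac.compare_digest(_derive(password, salt, rounds), expected)


def needs_rehash(record: str) -> bool:
    """True when the record is weaker than current policy (or unreadable)."""
    try:
        return _parse(record)[0] < ITERATIONS
    except ValueError:
        return True


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")  # constructed sample
    print(stored)
    print(verify_password("correct horse battery staple", stored))  # True
    print(verify_password("Tr0ub4dor&3", stored))                   # False
```

Because the salt is random, two records for the same password differ, and nothing in the record can be reversed to the original input.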



