Re: Plain text password for Microsoft (icwip.dun)

From: Knud Erik Højgaard (kain@egotrip.dk)
Date: 07/09/02


From: Knud Erik Højgaard <kain@egotrip.dk>
To: <bigpoop@clara.co.uk>, <vuln-dev@securityfocus.com>
Date: Tue, 9 Jul 2002 21:03:47 +0200


> Recommendations
> ---------------
> Store passwords in an encrypted form

How are you gonna accomplish this since the password has to go 'over the
wire' in plaintext? To be able to authenticate with the password you need to
be able to decrypt it.. right?

-Knud



Relevant Pages