[standards-jig] Re: [Foundation] Last Minute JEP 78 Concerns
ralphs at blueairnetworks.com
Tue May 27 20:18:49 UTC 2003
Dave Smith wrote:
> Look, the idea here is to fix something that should have been fixed a
> long time ago. This isn't rocket science. It is neither less, nor more
> secure for authentication/registration than the current method -- but it
> DOES provide A way to avoid storing a password in plaintext.
Then you can simply change the server to hash the password that is
stored, or crypt it, or rot13 it, or do any number of simple
transformations so that the result is not directly readable in spool
file or database. No client changes required.
More information about the Standards