[standards-jig] Re: [Foundation] Last Minute JEP 78 Concerns

Ralph Siemsen ralphs at blueairnetworks.com
Tue May 27 20:18:49 UTC 2003


Dave Smith wrote:

> Look, the idea here is to fix something that should have been fixed a 
> long time ago. This isn't rocket science. It is neither less, nor more 
> secure for authentication/registration than the current method -- but it 
> DOES provide A way to avoid storing a password in plaintext.

Then you can simply change the server to hash the password that is 
stored, or crypt it, or rot13 it, or do any number of simple 
transformations so that the result is not directly readable in spool 
file or database.  No client changes required.

-R




More information about the Standards mailing list