Comments on: ISP reveals passwords http://www.p2pnet.net/story/9799 p2pnet.net - reader powered Wed, 01 Feb 2012 15:11:09 -0300 http://wordpress.org/?v=2.8.4 hourly 1 By: Reader's Write http://www.p2pnet.net/story/9799/comment-page-1#comment-119287 Reader's Write Fri, 08 Sep 2006 12:43:04 +0000 #comment-119287 The big question: Why does the ISP have the password at all? They shouldn't store the passwords themselves, but rather one way hashes* of the password. When the user attempts to log in, their supplied password is then hashed and compared with the stored hash for correctness. This is the way passwords have been securely handled for decades. *For those who don't know, a one way hash is just what it sounds like. A mathematical operation is preformed on the data resulting in a number. The number can not be used to find the original data, but the same data always produces the same number. wikipedia: http://en.wikipedia.org/wiki/Cryptographic_hash_function The big question: Why does the ISP have the password at all?

They shouldn’t store the passwords themselves, but rather one way hashes* of the password. When the user attempts to log in, their supplied password is then hashed and compared with the stored hash for correctness. This is the way passwords have been securely handled for decades.

*For those who don’t know, a one way hash is just what it sounds like. A mathematical operation is preformed on the data resulting in a number. The number can not be used to find the original data, but the same data always produces the same number.

wikipedia: http://en.wikipedia.org/wiki/Cryptographic_hash_function

]]> By: Reader's Write http://www.p2pnet.net/story/9799/comment-page-1#comment-119221 Reader's Write Fri, 08 Sep 2006 00:03:20 +0000 #comment-119221 If my ISP ever does that to me, I'll find another...FAST! If my ISP ever does that to me, I’ll find another…FAST!

]]>