gmail security is a joke
I am truly relieved that this was just a misunderstanding!
-b
On May 27, 2015 at 16:05 bill at herrin.us (William Herrin) wrote:
> On Wed, May 27, 2015 at 1:51 PM, Barry Shein <bzs at world.std.com> wrote:
> > On May 27, 2015 at 10:28 bill at herrin.us (William Herrin) wrote:
> > > On Tue, May 26, 2015 at 4:10 PM, Scott Howard <scott at doc.net.au> wrote:
> > > > It means they are storing it unhashed
> > > > which is probably what you mean.
> > >
> > > It means they're storing it in a form that reduces to plain text
> > > without human intervention. Same difference. Encrypted at rest matters
> > > not, if all the likely attack vectors go after the data in transit.
> >
> > It matters a lot. [...]
> > The OP was correct, if they can send you your cleartext password then
> > their security practices are inadequate, period.
>
> Am I speaking English? I thought I was speaking English.
>
>
> > Unless I misunderstand what you're saying (I sort of hope I do)
>
> Yeah, I think you probably did since I was largely agreeing with you.
> What I was trying to say was that there wasn't a heck of a lot of
> difference between storing a user's password with reversible
> encryption and storing it in plain text. Both are supremely
> unsatisfactory. Reasonable security starts by not retaining the user's
> password at all. Keep only the non-reversible hash.
>
> Regards,
> Bill Herrin
>
> --
> William Herrin ................ herrin at dirtside.com bill at herrin.us
> Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
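Bill's closing point above (keep only the non-reversible hash, never the password) as an added example that is not part of this thread: a minimal credential store in Python using the standard library's scrypt. It assumes an in-memory dictionary as the database and the cost parameters shown; note that the "forgot password" path can only issue a new credential, because nothing recoverable is kept.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Constructed in-memory store for the example: username -> (salt, hash).
# Only the salt and the scrypt output are kept; the cleartext is never stored.
_STORE: Dict[str, Tuple[bytes, bytes]] = {}

# scrypt cost parameters (assumed for the example; tune per deployment).
# Memory use is 128 * r * n bytes, i.e. 16 MiB here.
_N, _R, _P = 2 ** 14, 8, 1
_SALT_LEN = 16


def _derive(password: str, salt: bytes) -> bytes:
    """One-way derivation: the output cannot be turned back into the password."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=_N, r=_R, p=_P, dklen=32)


def set_password(user: str, password: str) -> None:
    """Store a fresh random salt plus the derived hash; the cleartext is discarded."""
    salt = os.urandom(_SALT_LEN)
    _STORE[user] = (salt, _derive(password, salt))


def verify(user: str, candidate: str) -> bool:
    """Check a login attempt by re-deriving and comparing in constant time."""
    entry = _STORE.get(user)
    if entry is None:
        # Burn the same work for unknown users so timing does not reveal valid names.
        _derive(candidate, b"\x00" * _SALT_LEN)
        return False
    salt, stored = entry
    return hmac.compare_digest(stored, _derive(candidate, salt))


def stored_record(user: str) -> Optional[Tuple[bytes, bytes]]:
    """All an operator (or someone holding a copy of the database) can see."""
    return _STORE.get(user)


def forgot_password(user: str, new_password: str) -> None:
    """The only possible 'recovery' is a reset: the old password cannot be sent back."""
    set_password(user, new_password)
```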