13 Dec
2011
13 Dec
'11
6:36 p.m.
On 13/12/2011 15:04, "Peter Koch" <pk@DENIC.DE> wrote:
while I agree that concealing the hashes actually sound like a reasonable approach, it sacrifices a DB invariant, which is: every object will be displayed as-is (-B and other options non-withstanding).
I guess yes, it does, MNTNER can't be displayed as-is if it is going to leak information like that (unless anybody can think of a better idea?, and yes, deprecating MD5 would be a lot simpler, but this is the approach which had supposedly the least pain). I'm sure also the FTP dumps will be tidied up and people will be advised to change these passwords to prevent an attack based off archived data? Dave.