[DAS] HTTP Authentication Plug
Dave Howorth
dhoworth at mrc-lmb.cam.ac.uk
Wed Oct 29 11:22:55 UTC 2008
Oops, forgot to send to list ...

Andreas Kahari wrote:
> Most password authentication software does not store plain text
> passwords, only checksums (e.g. MD5 or SHA1) of passwords. This is the
> case on modern UNIX and UNIX-like operating systems (for user login
> authentication) as well as for most software systems supporting password
> authentication, for example Apache (see manual for htpasswd).
As far as I understand, it doesn't matter whether they are stored in the
clear. Storing an encrypted password would still need to be registered.
I do realize the difference between that and a cryptographic hash but I
doubt whether the law is that sophisticated. All I'm saying is that I
think there is an issue and I believe it would be wise to check the
situation with a specialist lawyer rather than rely on my or any other
layperson's beliefs.
Cheers, Dave