[tpm] UNS: Re: Perlmonks problems

Adam Prime adam.prime at utoronto.ca
Fri Aug 7 07:09:49 PDT 2009

Perlmonks is based off of the everything engine.  use.perl.org is based 
off of slash.


Abram Hindle wrote:
> I think Perlmonks runs off of slashcode, which was made by Rob Malda (I
> think). If one wants to recover passwords they have to be plaintext, but
> really Rob should've known better. I suspect this is just a legacy app
> problem.
> That said, any website who can send you your old password, is storing it
> in a readable format.
> It doesn't matter if it is plaintext or not, if it isn't hashed well it
> is recoverable when the machine is compromised.
> abram
> Madison Kelly wrote:
>> Abram Hindle wrote:
>>> If you forgot your password you could always check:
>>> http://r00tsecurity.org/files/zf05.txt
>>> Just search for "larry wall" and you'll find the relevant section.
>>> abram
>> I've always understood that storing plain-text passwords was very, very
>> bad. I am quite surprised that a site like Perlmonks did this. Why would
>> anyone not store a hash of the passwords these days?
>> I went through this a few months back when the phpBB site was
>> compromised and was very upset. Now here we go again. I am not upset
>> that perlmonks was compromised... it happens. I am very upset though
>> that they didn't seem to take the time to store password hashes instead.
>> Am I being too hard on them? What justification could there be for this?
>> Madi
> ------------------------------------------------------------------------
> _______________________________________________
> toronto-pm mailing list
> toronto-pm at pm.org
> http://mail.pm.org/mailman/listinfo/toronto-pm

More information about the toronto-pm mailing list