
Did reddit disclose that the pwd was being stored plain-text?

If they had, it probably wouldn't have bothered people much.



No, I don't believe so, at least not until after the scandal broke.

It's trivial to find out though, for any website - do a "Forgot password" retrieval, and if they send you the password itself, it's stored in cleartext. If they send you a link to reset it, it's hashed.

IIRC, Reddit, MySpace, all LiveJournal clones, and IMDB all store in plaintext. Drupal installations hash them.
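The storage model behind a reset link, as an added example that is not part of the original thread: a server that keeps only a salted hash can verify a password and issue a one-time reset token, but holds nothing it could e-mail back as the original password. The `Account` class, the function names, the PBKDF2 iteration count and the 15-minute token lifetime are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

RESET_TTL = 15 * 60      # assumed token lifetime in seconds
PBKDF2_ROUNDS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256

def _kdf(password, salt):
    # Slow, salted, one-way derivation: the only password material stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

class Account:
    """Hypothetical account record; the cleartext password is never kept."""
    def __init__(self, password):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = _kdf(password, self.salt)
        self.reset_hash = None   # SHA-256 of the outstanding reset token
        self.reset_expiry = 0.0

def verify(acct, password):
    # Re-derive from the candidate and compare in constant time.
    return hmac.compare_digest(acct.pw_hash, _kdf(password, acct.salt))

def start_reset(acct, now=None):
    # The token goes into the e-mailed link; the server keeps only its
    # hash, so a leaked database does not yield usable reset links.
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    acct.reset_hash = hashlib.sha256(token.encode()).digest()
    acct.reset_expiry = now + RESET_TTL
    return token

def finish_reset(acct, token, new_password, now=None):
    now = time.time() if now is None else now
    if acct.reset_hash is None or now > acct.reset_expiry:
        return False             # no token outstanding, or it expired
    supplied = hashlib.sha256(token.encode()).digest()
    if not hmac.compare_digest(acct.reset_hash, supplied):
        return False             # wrong token
    acct.salt = secrets.token_bytes(16)
    acct.pw_hash = _kdf(new_password, acct.salt)
    acct.reset_hash = None       # single use: token is burned
    return True
```
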



