[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: RFC2256: userPassword

To: Paul Collins <paul@oneclick.com>
Subject: Re: RFC2256: userPassword
From: dboreham@netscape.com (David Boreham)
Date: Tue, 29 Jun 1999 12:11:59 -0700
Cc: Robert Allen <robert.allen@eng.sun.com>, " gomez@lhola.engr.sgi.com" <gomez@lhola.engr.sgi.com>, " paulle@microsoft.com" <paulle@microsoft.com>, " ietf-ldapext@netscape.com" <ietf-ldapext@netscape.com>, " Kurt@OpenLDAP.Org" <kurt@openldap.org>
References: <199906291850.LAA14641@ego.mind.net>
Resent-date: Tue, 29 Jun 1999 12:04:07 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"Kr2gaC.A.vuG.biRe3"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com


Paul Collins wrote:

> Why are they world-readable in the first place? I figured authentication

They aren't. It's a philisophical position that they
can be read, somehow. This is why we use one-way
hashes for passwords rather than storing cleartext.

Follow-Ups:
- Re: RFC2256: userPassword
  - From: Helmut Volpers <helmut.volpers@icn.siemens.de>

References:
- Re: RFC2256: userPassword
  - From: Paul Collins <paul@oneclick.com>

Prev by Date: RE: RFC2256: userPassword
Next by Date: RE: RFC2256: userPassword
Index(es):
- Chronological
- Thread