top | item 2582226

(no title)

I still dont get how you concluded that Newegg stores password in plain text.

All you did was talk to a Newegg rep, you said he mis understood you and email you your Newegg password. What evidence do you have and in what logical reasoning does that lead to Newegg storing passwords in plain text?

He could have used your info and looked it up in the Newegg system, probably clicked a check box that says "email password" the system could have decrypted it and sent you the password.

I've seen many sites that actually send you your username and current passwords if you forgot. It doesn't mean that when it's stored on their system it was not encrypted.

Edit: to clarify, my whole point is in reference to how the password is stored in plain text.

discuss

yid|14 years ago

If your password is stored in a "decryptable" format, it might as well be stored in plaintext. Secure systems simply do not have this capability.

grantg|14 years ago

Encryption is inadequate because others can still find out what your password was (Insert disgruntled employee or hacker that gets the master decyption key).

Hashing / SALTing is WAAAAAY safer.

loganlinn|14 years ago

If a system can easily decrypt a password, the programmer that made the system (or just someone looking at the source) can easily access your password.

lurker19|14 years ago

You may as well say that passwords are always encrypted into ASCII code. The difference between encoding and encrypting has only to do with the difficulty of recovering plaintext. If there is no difference, there is no difference.