DNForum - Domain Sales, Domain Forum, Domain Appraisals, Domain Registrars - View Single Post

**symetrix** · 02-06-2009, 03:19 PM

NameDrive did NOT properly store passwords in their database. This is made evident by the fact that your reset password is [originalpassword]_[somenumbers].

If they were properly storing passwords (saving a hash and salt), they would not have been able to get your original password to generate the new password with.

Note that "encrypting" passwords is useless, because anyone who compromises the database is likely to also get the decryption keys (since the website would have access to them).

I pointed this failure out to ND and got a BS response of "we do not comment on the way we encrypt information." Anyone doing the right thing would flat out deny it, not refuse to comment.

02-06-2009, 03:19 PM	#24 (permalink)
symetrix Platinum Lifetime Member Name: Mike D Last Online: 02-25-2009 02:42 PM iTrader: (3) Join Date: Nov 2004 Posts: 8 DNF$: 21 Location: San Francisco, CA	NameDrive did NOT properly store passwords in their database. This is made evident by the fact that your reset password is [originalpassword]_[somenumbers]. If they were properly storing passwords (saving a hash and salt), they would not have been able to get your original password to generate the new password with. Note that "encrypting" passwords is useless, because anyone who compromises the database is likely to also get the decryption keys (since the website would have access to them). I pointed this failure out to ND and got a BS response of "we do not comment on the way we encrypt information." Anyone doing the right thing would flat out deny it, not refuse to comment. __________________ PM offers for: AmericansInDebt.com BettingInPoker.com CasinosWithPoker.com HandgunLock.com JobsAtAirlines.com