View Single Post
Old 07-13-2002, 07:07 AM  
FlashFXP Developer
bigstar's Avatar
Join Date: Oct 2001
Posts: 8,012

each password should generate a unique hash, breakable only by brute-force attempts
Logically I don't see how this is possible, a password that is encrypted must be eventually decrypted to log into the site. If this magic key isn't requested from the user then it must be stored somewhere, which from your point of view makes it insecure.

By adding this feature, you are admitting that there is a security risk
The encryption used to protect the passwords was good enough for most people. This feature was added by popular demand. Nothing more, nothing less.

Most programs that contain passwords/private information encrypt it using weak methods or methods that can be reverse engineered. That's just the way it is.

Application Password Protection was designed to take it a step further. The majority of the users who use this feature have no complaints. From a marketing stand point majority rules..
bigstar is offline