They can’t send it if they haven’t stored it, that’s the proof. Whether temporary or not it’s a weakness and attack vector for obtaining unhashed passwords. And if they stored it, it should be immediately hashed at which point they can’t send it.
Stored in memory is still stored. It’s still unencrypted during data processing. Still bad practice and a security vulnerability at best. Email isn’t E2E encrypted.
You have the text input feed directly into the encryption layer without an intermediary variable. The plaintext data should never be passable to an accessible variable which it must be to send the plaintext password in the email because it’s not an asynchronous process.
I’m surprised so many people are getting hung up on basic infosec.
The front end to backend traffic should be encrypted, hashing occurs on the backend. The backend should never have access to a variable with a plaintext password.
I’m going to have to stop replying because I don’t have the time to run every individual through infosec 101.
Yes. I agree 100% with the things I can and I defer to your experience where I can’t. I used to write proprietary networking protocols 20 years ago and that’s the knowledge and experience I’m leaning on.
As a matter of practice we would ensure to process passwords by encrypting the datasteam directly from the input, and they were never unencrypted in handling, so as to protect against various system and browser vulnerabilities. It would be a big deal to have them accessible in plaintext beyond the user client, not to mention accessible and processable by email generation methods and insecure email protocols.
I haven’t looked into it but I was wondering about the logistics of setting up a federated honeypot for server side stream sniffing to build a plaintext email/password database.
You encrypt the datastream from the text input on the client side before storing it in a variable. It’s not rocket science. I did this shit 20 years ago. Letting a plaintext password leave the user client is fucking stupid.
Gaben has been hands off at valve for a decade. He’s off breaking world records with research submersibles. Playing with his rubber duckies in the bathtub.
No, we’re talking about people who expect Bethesda to perform differently from historical record. How are you not even following the conversation you’re trying to be part of?
Larion Studios forum stores your passwords in unhashed plaintext. (lemmy.world) angielski
Larion Studios forum stores your passwords in unhashed plaintext. Don’t use a password there that you’ve used anywhere else.
Dusk Developer David Szymanski: I'd rather pay Valve 30% and put up with their de facto monopoly than help Epic work towards their own (very obviously desired) monopoly (twitter.com) angielski
If I’m honest, I don’t disagree....
Diablo 4 Twitch viewership continues to drop as Diablo 3 overtakes it (www.charlieintel.com) angielski
Bethesda hired a Skyrim modder to create the "lighting and clutter" in Starfield (www.gamescensor.com) angielski
Starfield install size revealed, available to preload now (www.eurogamer.net) angielski
On PC, the game is 139.84 GB. On console, it’s 100.19 GB for Standard or 117.07 GB for the Premium Edition