Highest Rated Comments
Vertana25 karma
Do the US Marines seem to be in agreement with ending the war and bringing our troops home? How does the environment feel there as far as attitudes and human relations?
Vertana4 karma
Glad to hear the relations between Marines and the ANA are much better these days! Thank you for taking the time to answer our questions and I wish you luck in your next endeavor, sir.
Vertana138 karma
In this example, this is a scare tactic that RSA salesman used to try to make the competitor sound like they can't keep secrets. The reality is that according to this language EVERY responsible cloud company would be doing it this way. What is "this way"?
They would take your password you enter, hash and salt it (this part is mathy to make it happen) one way to a near-unreadable string before it ever touches the server, and then save that hash. Not your actual password. So it is still "storing... credentials", but in a safe manner.
The algorithm they are using (according to the above poster) is OATH HOTP. The best practice in the industry consists of using well-documented algorithms that have been thoroughly tested against all sorts of attacks. If your company isn't using something open like this and instead has built their own thing - I would at least be suspicious.
This is because no matter how well they think they may have developed their secret sauce - it hasn't been publicly reviewed and attacked. You don't know if it can stand the heat basically.
TL;DR: They don't store your password, they store a thing representing it. They use publicly known algorithms because they work and have been thoroughly reviewed and tested.
View HistoryShare Link