Page 1 of 1

insecure method to store passwords.

Posted: Thu Dec 08, 2011 4:06 pm
by luqasz

Re: insecure method to store passwords.

Posted: Thu Dec 08, 2011 4:58 pm
by ayufan
Yes, we are. Problem was told many times before.

Re: insecure method to store passwords.

Posted: Thu Dec 08, 2011 7:07 pm
by luqasz
and ? any official statement ?

Re: insecure method to store passwords.

Posted: Fri Dec 09, 2011 10:09 am
by normis
1. don't give your router to somebody who will hack it. lock it away from public.
2. keep backup files safe

given enough time, any encryption can be cracked. so use also other methods of protection.

Re: insecure method to store passwords.

Posted: Fri Dec 09, 2011 11:24 am
by ayufan
given enough time, any encryption can be cracked. so use also other methods of protection.
normis you're funny ;) how can you say that passwords in routeros are encrypted? no they are not, if by encryption you mean simple xor, then it's not very nice...

It wonders me who in your company made such faux pas when industry standard is password hashed with some random salt.

Re: insecure method to store passwords.

Posted: Fri Dec 09, 2011 11:49 am
by normis
please read my post again, because you completely missed my point. I said - why even bother encrypting it? it will just take a little more time to read. Better deal with your other security hole - why can somebody take your router and do what he pleases?