Dave Howorth wrote:
Oops, forgot to send to list ...

Andreas Kahari wrote:
Most password authentication software does not store plain text
passwords, only checksums (e.g. MD5 or SHA1) of passwords.  This is the
case on modern UNIX and UNIX-like operating systems (for user login
authentication) as well as for most software systems supporting password
authentication, for example Apache (see manual for htpasswd).

As far as I understand, it doesn't matter whether they are stored in the
clear. Storing an encrypted password would still need to be registered.
I do realize the difference between that and a cryptographic hash but I
doubt whether the law is that sophisticated. All I'm saying is that I
think there is an issue and I believe it would be wise to check the
situation with a specialist lawyer rather than rely on my or any other
layperson's beliefs.

Of course, OpenID neatly sidesteps this issue by not requiring a server to handle any private data ;)
_______________________________________________
DAS mailing list
[email protected]
http://lists.open-bio.org/mailman/listinfo/das
