Oops, forgot to send to list ... Andreas Kahari wrote: > Most password authentication software does not store plain text > passwords, only checksums (e.g. MD5 or SHA1) of passwords. This is the > case on modern UNIX and UNIX-like operating systems (for user login > authentication) as well as for most software systems supporting password > authentication, for example Apache (see manual for htpasswd).
As far as I understand, it doesn't matter whether they are stored in the clear. Storing an encrypted password would still need to be registered. I do realize the difference between that and a cryptographic hash but I doubt whether the law is that sophisticated. All I'm saying is that I think there is an issue and I believe it would be wise to check the situation with a specialist lawyer rather than rely on my or any other layperson's beliefs. Cheers, Dave _______________________________________________ DAS mailing list [email protected] http://lists.open-bio.org/mailman/listinfo/das
