Home Forums Article Discussions Article Discussions by Author Discuss Content Posted by Steve Jones Algorithm Secrecy is not Security RE: Algorithm Secrecy is not Security

  • March 18, 2013 at 9:27 am

    #1598082

    Antares686 (3/18/2013)

    Actually I am big on this idea. But I think companies should be required to disclose not just password encryption but sensitive data as well such as SSN, Credit Cards, security questions (most people use the same questions everywhere), etc. Anything someone can use to use your accounts or gain further access to your accounts should be fully protected and public disclosure should be required so companies aren't storing plain text or they will get caught. Too many companies rely on passwords to protect user data when the database itself get's hacked and all users data is compromised becuase it is all in plain text. That is my view and I am sticking to it.

    You'd better require them to disclose the method and/or passphrase they use to generate the encryption key as well, because the strongest encryption is worthless when the key and/or passphrase is worthless.