passward issue

[ModerNietz]

Is it possible for webmasters to get registers' passward? Like here.

 

[office politics]

webmasters? maybe. if you have access to the server's dbs then you have access to all the data.

 

[Him]

They're not suppose to, it is suppose to be encrypted. All they should be able to do is reset it to what they want. But i guess it all depends on how the server is set up.

 

[fitzjj]

not if the website is half decent. A pasword should be one way encryption, it sould not be possible to reverse engineer an encrypted password.

When checking a password the entered password should be encrypted and the result compared to the stored encrypted password - you should not decrypt a password and then compare it, this is insecure and also means a crap algorithm has been used.

 

[Him]

Well, you can just turn off al that encryption/algorithm crap so you can see every one's passwords. But then, that just contradicts the whole idea of a password.

 

[shuaibao]

Well, sometimes websites have one-way encryption, making it impossible to retrieve passwords from it, but you can create a new password to overwrite it. As in 'you' as in the administrators.
not too much of a deal.

 

[uzi9mm]

Those one way calculations are called "HASH keys" But if they really wanted to get your password they can use a program like LCP to crack those hashes.