[hcs-d] Password PSA
jscushman at gmail.com
Thu Dec 9 20:41:51 EST 2010
I spent my last section mostly on web security practices, so students in my
section should know it's bad practice :-)
Not sure if other students are aware though; the unencrypted passwords are
part of the distribution code for the stock market pset.
On Thu, Dec 9, 2010 at 8:34 PM, Joseph Tassarotti <
tassarotti at college.harvard.edu> wrote:
> Yes, they're creepy - but the more important thing to me is: are the
> students in the class aware that this is bad practice? I helped some people
> with the stock market assignment and, as Michael says, people stored
> passwords in plaintext for that. Maybe in the future the lectures should
> mention the use of bcrypt (or at least sha1). It doesn't really add that
> much complexity at all for students, so why not?
> I did notice that the CS50 wiki removed the bit about authenticating users
> using their FAS accounts, which is good.
> <-----Original Message----->
> *From: Jeremy Cushman [jscushman at gmail.com]*
> Sent: 12/9/2010 8:21:16 PM
> To: sdeshpande at college.harvard.edu
> Cc: hcs-discuss at lists.hcs.harvard.edu
> Subject: Re: [hcs-d] Password PSA
> Yeah, sites that send you back your passwords in plaintext are really
> creepy. Just noticed http://crimsonspark.com/forgotpassword.php.
> On Thu, Dec 9, 2010 at 5:56 PM, Saagar Deshpande <
> sdeshpande at college.harvard.edu> wrote:
>> Great idea. Tony and I already discovered that crimsonspark was doing this
>> and informed Malan, so we think that this would be a nice thing for people
>> to know for tomorrow.
>> On Thu, Dec 9, 2010 at 4:54 PM, Michael Chen <
>> michaelchen at college.harvard.edu> wrote:
>>> Hey all,
>>> So the CS50 Fair is tomorrow. I feel like we should send out a PSA
>>> warning people against foolishly putting their usual username/password
>>> combos into CS50 projects. I know it's frowned upon to use common passwords
>>> across accounts anyway, but I'm pretty sure many projects will be storing
>>> passwords in plaintext (as that's what they did for one of their psets).
>>> hcs-discuss mailing list
>>> hcs-discuss at lists.hcs.harvard.edu
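An added example, not part of the thread or of any CS50 distribution code: what storing a salted, slow hash looks like next to the unsalted SHA-1 option mentioned above, and why a "forgot password" page then has to issue a reset token instead of mailing the password back. PBKDF2 from Python's standard library stands in for bcrypt here; the function names, the record format, the work factor and the sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor; tune it for your hardware

def sha1_record(password):
    # Unsalted fast hash: equal passwords always produce equal records.
    return hashlib.sha1(password.encode()).hexdigest()

def hash_password(password):
    # Per-user random salt plus a deliberately slow key-derivation function.
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_password(password, record):
    try:
        scheme, iters, salt_hex, dk_hex = record.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
        expected = bytes.fromhex(dk_hex)
    except (ValueError, OverflowError):
        return False  # malformed record
    # compare_digest avoids leaking how many leading bytes matched.
    return scheme == "pbkdf2_sha256" and hmac.compare_digest(dk, expected)

def start_password_reset(reset_tokens, username):
    # With only a hash stored, the site cannot mail the password back.
    # It issues a random token instead and keeps only the token's hash.
    token = secrets.token_urlsafe(32)
    reset_tokens[username] = hashlib.sha256(token.encode()).hexdigest()
    return token

def redeem_reset(users, reset_tokens, username, token, new_password):
    # pop() makes the token single-use, whether or not the attempt succeeds.
    expected = reset_tokens.pop(username, None)
    given = hashlib.sha256(token.encode()).hexdigest()
    if expected is None or not hmac.compare_digest(expected, given):
        return False
    users[username] = hash_password(new_password)
    return True

if __name__ == "__main__":
    users = {"alice": hash_password("hunter2")}  # constructed sample account
    print(users["alice"])
    print(verify_password("hunter2", users["alice"]))
```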