[Owasp-topten] Insecure Cryptographic Storage

Dave Wichers dave.wichers at aspectsecurity.com
Fri Apr 3 11:46:34 EDT 2009

In general. Yes.

-----Original Message-----
From: owasp-topten-bounces at lists.owasp.org
[mailto:owasp-topten-bounces at lists.owasp.org] On Behalf Of Zaki Akhmad
Sent: Friday, April 03, 2009 11:40 AM
To: owasp-topten at lists.owasp.org
Subject: [Owasp-topten] Insecure Cryptographic Storage


I'm back to ask again :-)

Is it true that end user will never know that his/her password is
stored whether in plain text or cipher text? Unless he/she knows how
the program store the password and to get know it, the user should get
access to the source code.

Zaki Akhmad
Owasp-topten mailing list
Owasp-topten at lists.owasp.org

More information about the Owasp-topten mailing list