Bookmyshow.com Saves User Passwords in Plain Text (opens in new tab)

(blog.archit.in)

5 pointsArchit13y ago3 comments

3 comments

They could have encrypted your password and decrypted it for that email. Still poor practices but there's nothing here to indicate what your title states.

The bottom of your article also suggests people use MD5 and salts, so clearly you aren't in a position to be criticizing anyone's password policy :)

benjaminsull13y ago

The privacy policy states the password is sent by one way encryption. That suggests it shouldnt be (easily) decryptable.

Regarding MD5/salts, the author says "for starters" and "at least" and directs the suggestion specifically to the owners of the website. To say he is "suggesting people use MD5 and salts" isnt very accurate.

ArchitOP13y ago

Hey timaelliott,

As benjaminsull mentioned, I wrote "for starters" and "at least!" ;)

j / k navigate · click thread line to collapse