<html>

  <head>

    <meta content="text/html; charset=ISO-8859-1"

      http-equiv="Content-Type">

  </head>

  <body text="#000000" bgcolor="#FFFFFF">

    My thoughts exactly, a domain password by design has to be

    retrievable, so it can't be a one-way hash.<br>

    <br>

    <div class="moz-cite-prefix">On 11/03/14 08:08, Scott Howard wrote:<br>

    </div>

    <blockquote

cite="mid:CACnPsNW2BZ4BpHxNYtTVc9JRY9vQpguEC-K7TYWHspKqGfZ=8Q@mail.gmail.com"

      type="cite">

      <div dir="ltr">Isn't this how it has to work, given what the

        domain password is?

        <div><br>

        </div>

        <div>AUDA will also email you your password just by asking - <a

            moz-do-not-send="true"

            href="http://admin.auda.org.au/passwordMail/PasswordMail">http://admin.auda.org.au/passwordMail/PasswordMail</a></div>

        <div><br>

        </div>

        <div>Nowhere does there seem to be any real indication that

          these are stored in "cleartext".  The claim that "If the

          credentials were stored on the server in an encrypted format,

          it is unlikely they could be automatically decrypted by a

          mailout program to be sent in cleartext" is bogus (although

          you could argue that having the key available to the same

          system as the encrypted data leaves is as good as cleartext -

          but that is NOT what they are saying).</div>

        <div><br>

        </div>

        <div>And "28 bit" crypto?  Umm.. no.  the linked website clearly

          says "128 bit" and has for at least a year according to the

          Way Back Machine.</div>

        <div><br>

        </div>

        <div>  Scott</div>

        <div>

          <br>

        </div>

        <div><br>

        </div>

      </div>

      <div class="gmail_extra"><br>

        <br>

        <div class="gmail_quote">On Mon, Mar 10, 2014 at 1:45 PM, Peter

          Lawler <span dir="ltr"><<a moz-do-not-send="true"

              href="mailto:ausnog@bleeter.id.au" target="_blank">ausnog@bleeter.id.au</a>></span>

          wrote:<br>

          <blockquote class="gmail_quote" style="margin:0 0 0

            .8ex;border-left:1px #ccc solid;padding-left:1ex">It occurs

            to me that some on noggers may not have previously been

            aware of this. But now that it's 'in the news', etc.<br>

            <br>

            <a moz-do-not-send="true"

href="http://www.itnews.com.au/News/374095,melbourneit-stores-domain-passwords-in-cleartext.aspx"

              target="_blank">http://www.itnews.com.au/News/374095,melbourneit-stores-domain-passwords-in-cleartext.aspx</a><br>

            _______________________________________________<br>

            AusNOG mailing list<br>

            <a moz-do-not-send="true"

              href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>

            <a moz-do-not-send="true"

              href="http://lists.ausnog.net/mailman/listinfo/ausnog"

              target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>

          </blockquote>

        </div>

        <br>

      </div>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <br>

      <pre wrap="">_______________________________________________

AusNOG mailing list

<a class="moz-txt-link-abbreviated" href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a>

<a class="moz-txt-link-freetext" href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/mailman/listinfo/ausnog</a>

</pre>

    </blockquote>

    <br>

  </body>

</html>