Title: Possible security issue with blockchain.info (plaintext password)
Post by: pminers on October 20, 2012, 06:53:48 AM

Guys who plan to use the blockchain.info online wallet, please consider:

Hi blockchain.info support,

I wrote a mail complaining about a possible security issue to you on 12. Oct and got no reply so far. Therefore I will post the answer here and hope to get feedback soon:

"In the QR code for iPhone device pairing, the plaintext login password is contained. This is (in my opinion) a possible security issue, and it makes me nervous because this means that my login password is stored in a way which is decryptable (normally I would have expected that the password is stored as a salted hash value). So please can you explain."

Kind regards
-pminers

https://bitcointalk.org/index.php?topic=40264.msg1285194#msg1285194

Title: Re: Possible security issue with blockchain.info (plaintext password)
Post by: kgonepostl on October 20, 2012, 04:55:21 PM

Plaintext? Really?! Not even hashed? Let alone salted hashes!
FAIL!!!!!!!!!!!!!

Title: Re: Possible security issue with blockchain.info (plaintext password)
Post by: Maged on October 20, 2012, 09:25:26 PM

Of course it's plain text. Everything except for the storage of the wallet that is encrypted with that password is done client-side.
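
Added example (not part of the thread and not blockchain.info's code): a minimal Node.js sketch of the client-side model the last reply describes, where the server stores only an encrypted wallet blob and a paired device needs the password itself to decrypt it. The KDF (PBKDF2), cipher (AES-256-GCM), iteration count, function names and sample data are all assumptions made for illustration.

```javascript
// Added illustration; KDF, cipher, parameters and names are assumptions.
const crypto = require('node:crypto');

const KDF_ITERATIONS = 100000; // assumed work factor

// The key exists only on the client and is derived from the password.
function deriveKey(password, salt) {
  return crypto.pbkdf2Sync(password, salt, KDF_ITERATIONS, 32, 'sha256');
}

// Runs on the client. The returned record is all the server would store:
// no password and no password hash, only salt, IV, ciphertext and auth tag.
function encryptWallet(password, walletJson) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const ciphertext = Buffer.concat([cipher.update(walletJson, 'utf8'), cipher.final()]);
  return { salt, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Runs on a paired device. A hash of the password would not be enough here:
// the device has to re-derive the same key, so it needs the password itself.
function decryptWallet(password, record) {
  const key = deriveKey(password, record.salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, record.iv);
  decipher.setAuthTag(record.tag);
  try {
    return Buffer.concat([decipher.update(record.ciphertext), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // wrong password or tampered blob: GCM authentication fails
  }
}

// Constructed sample data, not real wallet contents.
const SAMPLE_PASSWORD = 'correct horse battery staple';
const SAMPLE_WALLET = JSON.stringify({ keys: [{ addr: 'EXAMPLE-ADDRESS', priv: 'EXAMPLE-PRIVATE-KEY' }] });

function demo() {
  const stored = encryptWallet(SAMPLE_PASSWORD, SAMPLE_WALLET);
  return {
    serverSeesPlaintext: stored.ciphertext.toString('utf8').includes('EXAMPLE-PRIVATE-KEY'),
    pairedDevice: decryptWallet(SAMPLE_PASSWORD, stored),
    wrongPassword: decryptWallet('not the password', stored),
  };
}

console.log(demo());
```

In this model the pairing QR code is as sensitive as the password: whoever can read it can decrypt the stored wallet.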