Bitcoin Forum
July 10, 2024, 05:02:18 AM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Bitcoin Forum > Other > Beginners & Help > Possible security issue with blockchain.info (plaintext password)
Pages: [1]
« previous topic next topic »
  Print  
Author Topic: Possible security issue with blockchain.info (plaintext password)  (Read 632 times)
pminers (OP)
Newbie
*
Offline Offline

Activity: 21
Merit: 0



View Profile
October 20, 2012, 06:53:48 AM
 #1
Guys who plan to use blockchain.info online wallet please consider:

Hi blockchain.info support,

i wrote a mail complaining a possible security issue to you on 12. Oct and got no reply so far.
Therefore i will post the answer here and hope to get feedback soon:

"In the qr code for iphone device pairing the plaintext login password is contained. this is (in my opinion) a possible security issue and it makes me nervous because this means that my login password is stored in a way which is decryptable ( normally i would have expected that the password is stored as a salted hashvalue). so please can you explain."

Kind regards
-pminers


https://bitcointalk.org/index.php?topic=40264.msg1285194#msg1285194
kgonepostl
Full Member
***
Offline Offline

Activity: 124
Merit: 100



View Profile
October 20, 2012, 04:55:21 PM
 #2
plaintext? REally?! Not even hashed? Let alone salted hashes!
FAIL!!!!!!!!!!!!!
Maged
Legendary
*
Offline Offline

Activity: 1204
Merit: 1015


View Profile
October 20, 2012, 09:25:26 PM
 #3
Of course it's plain text. Everything except for the storage of the wallet that is encrypted with that password is done client-side.
Like my posts? Donate!
1MagedVeZqDtU4Jh5BdgvHpcWk9dXFzZY8
Pages: [1]
  Print  
Bitcoin Forum > Other > Beginners & Help > Possible security issue with blockchain.info (plaintext password)
 « previous topic next topic »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!