Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

microsoft email password storage encryption

  • 03-01-2015 5:12am
    #1
    900913
    Registered Users, Registered Users 2 Posts: 367 ✭✭


    I've been wondering if Microsoft store the passwords for our email accounts in clear text.

    I've accounts on a few of Microsoft's domains, hotmail, outlook and live. But a Year or 2 ago I noticed when I entered my password that microsoft would say it was too long and to just enter the first 16 characters of my original password.

    I know enough about encryption to understand that they couldn't possibly know the first 16 characters of my encrypted password if it was originally 20 characters. Unless they haýve a clear text backup.

    I know it's possible they encrypted the passwords only 16 characters at a time,

    Any other ideas how they can compare the first 16 characters of an encrypted password against an original 20 odd character password.


    Thanks .


Comments

  • #2
    tolosenc
    Registered Users, Registered Users 2 Posts: 6,889 ✭✭✭tolosenc


    I agree with bedlam here, but it's also worth considering that they used reversible encryption rather than hashing.


  • #3
    Khannie
    Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    900913 wrote: »
    I know it's possible they encrypted the passwords only 16 characters at a time,

    Didn't they get reefed on doing this before with some other authentication mechanism? It allowed you to determine if people were using a short password. This is all very fuzzy in my memory, but I believe it to be true. Further vagueness will be forthcoming.....


  • #4
    Khannie
    Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    That's the one. :)


  • #5
    bd0101
    Registered Users, Registered Users 2 Posts: 43 bd0101


    There are programming functions that allow you to get the length of an entered string without knowing the string itself.

    However, I would not trust Microsoft -or any other mainstream company (e.g. Google anyone?) with my data .. there are many other providers that are not US-based, and thus, not obliged to hand over your data.


Advertisement