Advertisement
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
If we do not hit our goal we will be forced to close the site.

Current status: https://keepboardsalive.com/

Annual subs are best for most impact. If you are still undecided on going Ad Free - you can also donate using the Paypal Donate option. All contribution helps. Thank you.
https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.

microsoft email password storage encryption

  • 03-01-2015 06:12AM
    #1
    Registered Users, Registered Users 2 Posts: 367 ✭✭


    I've been wondering if Microsoft store the passwords for our email accounts in clear text.

    I've accounts on a few of Microsoft's domains, hotmail, outlook and live. But a Year or 2 ago I noticed when I entered my password that microsoft would say it was too long and to just enter the first 16 characters of my original password.

    I know enough about encryption to understand that they couldn't possibly know the first 16 characters of my encrypted password if it was originally 20 characters. Unless they haýve a clear text backup.

    I know it's possible they encrypted the passwords only 16 characters at a time,

    Any other ideas how they can compare the first 16 characters of an encrypted password against an original 20 odd character password.


    Thanks .


Comments

  • Registered Users, Registered Users 2 Posts: 6,889 ✭✭✭tolosenc


    I agree with bedlam here, but it's also worth considering that they used reversible encryption rather than hashing.


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    900913 wrote: »
    I know it's possible they encrypted the passwords only 16 characters at a time,

    Didn't they get reefed on doing this before with some other authentication mechanism? It allowed you to determine if people were using a short password. This is all very fuzzy in my memory, but I believe it to be true. Further vagueness will be forthcoming.....


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    That's the one. :)


  • Registered Users, Registered Users 2 Posts: 43 bd0101


    There are programming functions that allow you to get the length of an entered string without knowing the string itself.

    However, I would not trust Microsoft -or any other mainstream company (e.g. Google anyone?) with my data .. there are many other providers that are not US-based, and thus, not obliged to hand over your data.


Advertisement