microsoft email password storage encryption

03-01-2015 06:12AM #1

I've been wondering if Microsoft store the passwords for our email accounts in clear text.

I've accounts on a few of Microsoft's domains, hotmail, outlook and live. But a Year or 2 ago I noticed when I entered my password that microsoft would say it was too long and to just enter the first 16 characters of my original password.

I know enough about encryption to understand that they couldn't possibly know the first 16 characters of my encrypted password if it was originally 20 characters. Unless they haýve a clear text backup.

I know it's possible they encrypted the passwords only 16 characters at a time,

Any other ideas how they can compare the first 16 characters of an encrypted password against an original 20 odd character password.

Thanks .

tolosenc · 05-01-2015 09:19PM

I agree with bedlam here, but it's also worth considering that they used reversible encryption rather than hashing.

Khannie · 05-01-2015 10:35PM

900913 wrote: »

I know it's possible they encrypted the passwords only 16 characters at a time,

Didn't they get reefed on doing this before with some other authentication mechanism? It allowed you to determine if people were using a short password. This is all very fuzzy in my memory, but I believe it to be true. Further vagueness will be forthcoming.....

Khannie · 06-01-2015 03:14PM

That's the one.

bd0101 · 13-01-2015 02:41PM

There are programming functions that allow you to get the length of an entered string without knowing the string itself.

However, I would not trust Microsoft -or any other mainstream company (e.g. Google anyone?) with my data .. there are many other providers that are not US-based, and thus, not obliged to hand over your data.

microsoft email password storage encryption

Comments