> > Recommendations > > --------------- > > Store passwords in an encrypted form > > How are you gonna accomplish this since the password has to go 'over the > wire' in plaintext? To be able to authenticate with the password you need to > be able to decrypt it.. right? 'Storing' the password in encrypted form would be quite easy to accomplish, and it would at least stop the casual snooper. You could argue that the same passwords /are/ encrypted when they're put in the registry, so why not in .ins files too? It increases the security a tad. Anyway, for a complete solution I think we should wait for... Palladium and TCPA-based modems. - Blazde
This archive was generated by hypermail 2b30 : Tue Jul 09 2002 - 13:44:08 PDT