Topic: Possible security issue with blockchain.info (plaintext password) (Read 640 times)
Of course it's plain text. Everything except for the storage of the wallet that is encrypted with that password is done client-side.
October 20, 2012, 12:55:21 PM
plaintext? REally?! Not even hashed? Let alone salted hashes!
FAIL!!!!!!!!!!!!!
FAIL!!!!!!!!!!!!!
October 20, 2012, 02:53:48 AM
Guys who plan to use blockchain.info online wallet please consider:
Hi blockchain.info support,
i wrote a mail complaining a possible security issue to you on 12. Oct and got no reply so far.
Therefore i will post the answer here and hope to get feedback soon:
"In the qr code for iphone device pairing the plaintext login password is contained. this is (in my opinion) a possible security issue and it makes me nervous because this means that my login password is stored in a way which is decryptable ( normally i would have expected that the password is stored as a salted hashvalue). so please can you explain."
Kind regards
-pminers
https://bitcointalksearch.org/topic/m.1285194
Hi blockchain.info support,
i wrote a mail complaining a possible security issue to you on 12. Oct and got no reply so far.
Therefore i will post the answer here and hope to get feedback soon:
"In the qr code for iphone device pairing the plaintext login password is contained. this is (in my opinion) a possible security issue and it makes me nervous because this means that my login password is stored in a way which is decryptable ( normally i would have expected that the password is stored as a salted hashvalue). so please can you explain."
Kind regards
-pminers
https://bitcointalksearch.org/topic/m.1285194
Jump to: