Author

Topic: Possible security issue with blockchain.info (plaintext password) (Read 650 times)

legendary
Activity: 1204
Merit: 1015
Of course it's plain text. Everything except for the storage of the wallet that is encrypted with that password is done client-side.
full member
Activity: 124
Merit: 100
plaintext? REally?! Not even hashed? Let alone salted hashes!
FAIL!!!!!!!!!!!!!
newbie
Activity: 21
Merit: 0
Guys who plan to use blockchain.info online wallet please consider:

Hi blockchain.info support,

i wrote a mail complaining a possible security issue to you on 12. Oct and got no reply so far.
Therefore i will post the answer here and hope to get feedback soon:

"In the qr code for iphone device pairing the plaintext login password is contained. this is (in my opinion) a possible security issue and it makes me nervous because this means that my login password is stored in a way which is decryptable ( normally i would have expected that the password is stored as a salted hashvalue). so please can you explain."

Kind regards
-pminers


https://bitcointalksearch.org/topic/m.1285194

Jump to: