Hacker News new | past | comments | ask | show | jobs | submit login

All password managers store plain text passwords. That's literally a requirement for them to work at all.

I'm not sure this is what you mean to say, because, obviously, good password managers don't store passwords in cleartext.




You cannot hash passwords in a password manager. It has to be reversibly encrypted and turned back into plain text before utilisation.

So when people complain about password managers storing plain text (as opposed to hashing) they're barking up the wrong tree, it is a necessary evil.

You just want to see them encrypt those plain text passwords so that offline recovery is harder. That's what both Firefox's master password, CryptProtectData() for Chrome/IE, and the key-chain in OS X provide.


I think you're trying to say something akin to but not quite "plaintext equivalent", and your terminology is mangling your argument.


Ah come on, you obviously understand what he is trying to say. You don't always have to interpret every comment online as if the person writing them is stupid.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: