France's new data retention law requires online service providers to keep databases of their users' names, addresses and passwords, and to provide them to the police on request. Apart from the risk of keeping this personal information (identity thieves, stalkers, etc.; that which is not stored cannot be stolen and leaked), there is the risk in requiring providers to store unhashed, plain-text passwords, which Bruce Schneier has remarked on.
Well-designed systems do not store passwords; instead, they take the password you provide and run it through a cryptographic hash algorithm, which turns it into another string (in theory, this string cannot be turned back into the password). When you visit the site again and enter your password, it is once again run through the algorithm, and the result is compared to the stored version. In this way no one, not even the provider, knows your password (except you). Again, that which is not stored cannot be leaked. Requiring French online services to keep unhashed passwords is a reversal of decades of best practice in security.
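The store-and-compare flow described above, as an added Python example that is not part of the original post. It uses scrypt with a random per-user salt rather than a bare hash; the cost parameters, function names and sample password are assumptions.

```python
import hashlib
import hmac
import os

# Assumed scrypt cost parameters (not taken from the article).
N, R, P, DKLEN = 2**14, 8, 1, 32


def _derive(password: str, salt: bytes) -> bytes:
    """Run the password through the one-way function."""
    return hashlib.scrypt(
        password.encode("utf-8"), salt=salt, n=N, r=R, p=P, dklen=DKLEN
    )


def enroll(password: str) -> dict:
    """Build the record the provider stores: salt and digest, never the password."""
    salt = os.urandom(16)  # fresh salt per user, so equal passwords differ on disk
    return {"salt": salt.hex(), "digest": _derive(password, salt).hex()}


def verify(record: dict, attempt: str) -> bool:
    """Re-run the login attempt through the same function and compare digests."""
    salt = bytes.fromhex(record["salt"])
    expected = bytes.fromhex(record["digest"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(_derive(attempt, salt), expected)


if __name__ == "__main__":
    password = "correct horse battery staple"  # constructed sample value
    record = enroll(password)
    print("stored record:", record)
    print("right password:", verify(record, password))
    print("wrong password:", verify(record, "wrong guess"))
```

Everything the provider could leak or hand over from such a record is the salt and the digest; the password itself is never written anywhere.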
The law obliges a number of e-commerce sites, video and music services and webmail providers to keep a lot of data on customers. These include users' full names, addresses, phone numbers, and passwords. The data must be passed to the authorities if required.
The police, the fraud prevention office, customs, and the tax and social security authorities all have the right to access it.