This site uses cookies to deliver our services, improve performance, for analytics, and (if not signed in) for advertising. By using LibraryThing you acknowledge that you have read and understand our Terms of Service and Privacy Policy. Your use of the site and services is subject to these policies and terms.
  • LibraryThing
  • Book discussions
  • Your LibraryThing
  • Join to start using.

Encrypted Password Database

Talk about LibraryThing

Join LibraryThing to post.

This topic is currently marked as "dormant"—the last message is more than 90 days old. You can revive it by posting a reply.

Oct 12, 2008, 1:27pm Top

Why does LibraryThing store passwords in plain text? This is _very_ scary knowing that Bill O'Reiley's database of users was recently stolen along with passwords of all his members.

I'm not a webappsec expert, but wouldn't storing the passwords hashed with a salt be more secure than storing the passwords in plain text? You wouldn't really have to give up any of the conveniences of your current system... people would still be able to "reset their password." It would be a huge gain for users though because passwords wouldn't be stored on your site with the potential to be stolen by a hax0r.

Thank You.

Oct 20, 2008, 12:35am Top

Do we know that passwords on LT are kept in plain text? LT wouldn't be the only site to keep passwords in plain text, but just about every PHP book I've ever encountered has talked about how bad an idea that is. OTOH, unless you've hacked into the tables, I'm not sure how you would know.

Oct 20, 2008, 8:40am Top

I'm guessing that he knows because we helped him recover one.

Here's the deal. The standard way sites deal with security is to store passwords as hashes, but to require an email--used to send a new password if you forget your old one.

LibraryThing grows out of a different idea of security—one that takes as its principle value not requiring any personal details. This includes emails addresses. LibraryThing does not require members to enter anything other than a user name and a password. A majority do not give us their passwords, making a "reset" impossible. Rather, when a user is really in trouble, we tend to have a conversation about it. (Nine times out of ten they say their password is "MickeyMouse" and we notice it's "MineyMouse.")

The point of this sort of security is less to protect your account than you. Without personal information, authorities interested in your books would have a harder time tracking you down. (They'd have to subpoena access logs, assuming we had them for the period in question, and actually those wouldn't necessarily help, as standard web logs don't say who you're signed in as, just where you went.) In this spirit, we also separate our PayPal system from our account system, although someone who subpoenaed both companies and compared the logs second-by-second could probably figure it out.

This idea of security is a very library-ish one. Libraries generally try to protect patron data by not connecting the data to the patron, or by throwing it out immediately, not by encrypting it.

I think a fair compromise would be to hash passwords if the user has an email account—and clicks on a confirm link.


Oct 23, 2008, 12:16am Top

I understand the reasoning. As the net has developed, I think that for some people usernames have become nearly as good an identifier as email addresses. There are people on LT who I recognize from other systems. This may tend to undermine some of what you are trying to achieve.

Oct 23, 2008, 12:20am Top

>3 timspalding:

I need someone to agree or disagree with my plan. I think it's a good combo, but I need an amen...

Oct 23, 2008, 12:56am Top


Oct 23, 2008, 1:01am Top

Tim, your post taught me something about LT as well as internet security in general. I like both your original reasoning and the compromise. So ... amen.

>4 dcmdale: True, but of course it's the user's choice to recycle another user name. That said, it might be good practise for LT to alert users of the implications of what they're doing, and how using their standard approach to login & password might undermine their own security on LT in a way that wouldn't arise on other sites.

Oct 23, 2008, 3:33am Top

Sounds good to me.

I agree with >7 elenchus: That LT ought to give people some sort of alert that they are making an important choice about their Internet security when they sign up. Yes, I know that we are supposed to use different passwords for various websites... but seriously, given the number of sites many of us have been on at some time or another, only a computer could keep track of it all, not my brain. And I certainly didn't guess when I signed up that this would become so important to me.

Oct 23, 2008, 5:27am Top

Anyone internet savvy enough to sign up with a site should know that there are
( usually minor) risks involved, for the very reason that you mention.. many sites.

And with LT, it risk is indeed small, imo.

Oct 23, 2008, 10:03am Top

3> I thought that the idea was good enough it didn't need a second, but since you asked, yes it's a good idea.

Oct 23, 2008, 1:13pm Top

9: Totally agree.

3: Amen!

Oct 24, 2008, 3:26pm Top

3> I like it. So how would an established member get into the hashed group?

Group: Talk about LibraryThing

168,154 messages

This group does not accept members.


This topic is not marked as primarily about any work, author or other topic.


No touchstones

About | Contact | Privacy/Terms | Help/FAQs | Blog | Store | APIs | TinyCat | Legacy Libraries | Early Reviewers | Common Knowledge | 134,150,720 books! | Top bar: Always visible