What are the drawbacks of forcing companies to reveal their password schemes?
I'm talking about something where public companies like Google, Microsoft, Sony etc are bound by law to reveal information about how they secure your passwords (and possibly data?).
I also don't mean reveal their entire infrastructure or algorithms. Just something that says eg.
"We don't store your password. We stored a salted hash in a secure location that only two people have access to. We use a hashing algorithm that's known to be secure in combination with another scheme developed by our own cryptographers."
0 comments
[ 4.1 ms ] story [ 7.6 ms ] threadNo comments yet.