What are the drawbacks of forcing companies to reveal their password schemes?

3 points by ilitirit ↗ HN
I'm talking about something where public companies like Google, Microsoft, Sony etc are bound by law to reveal information about how they secure your passwords (and possibly data?).

I also don't mean reveal their entire infrastructure or algorithms. Just something that says eg.

"We don't store your password. We stored a salted hash in a secure location that only two people have access to. We use a hashing algorithm that's known to be secure in combination with another scheme developed by our own cryptographers."

0 comments

[ 4.1 ms ] story [ 7.6 ms ] thread

No comments yet.