Quote:
Originally Posted by helterskelter808
No site of any kind should have to do this. Does Paxum actually store passwords in plain text too? Ie, is it possible to get your password by email as a 'reminder'? I doubt it, but then again I wouldn't expect any site to be so colossally inept as to send passwords via email under any circumstances in this day and age.
|
They store it in an md5 hash, you can see it in the cookie named 'toplabs' that they store when you login:
a:3:{s:4:"user";s:25:"
[email protected]";s:4:"pass";s :44:"passwordhashhere";s:2:"no";i:13;}
What they store in the cookie is what appears to be a base64-encoded md5 hash. It appears to be salted.