Quote:
Originally Posted by RawAlex
Okay, here is my couple of cents worth on this:
In many security schemes, passwords are encoded - often the encoding scheme is one way. Past passwords are often stored (ENCODED, I might add) in a "past passwords" file. When you go to change your password, the new password you request is encoded and compared to the encoded items on the past password list. If there is a match (encode to encoded) they will decline the password.
There is no way to determine what that encoded password is, therefore no way to easily recover a password except to issue a new one.
Nice conspiracy theory, but sorry, common sense in programming and security says "fake drama" all over your thread.
Yes, this is all true. But, if there was corruption in the DB, as they have claimed (well, actually, all they have said is a "DB problem", whatever the hell that means), then the encoded hashes that were our old passwords would have been changed (corrupted) and the login/changepass scripts would not see a match. But in this case, they do see a match. Which means that ePass had something happen there and the reason we could all log into our accounts was something other than what they said it was.
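The password-history check discussed in the two posts above, as an added example that is not part of either post and not ePass's code. The salted PBKDF2-HMAC-SHA256 scheme, iteration count, history depth and all function names are assumptions chosen for illustration; it shows that an intact stored hash rejects a reused password, while a stored hash with even one flipped bit no longer matches.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # assumed work factor, not taken from the thread
HISTORY_DEPTH = 5      # assumed number of past passwords remembered

def _derive(password: str, salt: bytes) -> bytes:
    # One-way derivation: the stored value cannot be turned back into the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def make_record(password: str) -> tuple:
    # Each history entry carries its own random salt next to the digest.
    salt = os.urandom(16)
    return salt, _derive(password, salt)

def matches(password: str, record: tuple) -> bool:
    # Re-derive with the entry's salt and compare in constant time.
    salt, digest = record
    return hmac.compare_digest(_derive(password, salt), digest)

def change_password(history: list, new_password: str) -> bool:
    # Decline the change if the candidate matches any remembered entry.
    if any(matches(new_password, rec) for rec in history):
        return False
    history.append(make_record(new_password))
    del history[:-HISTORY_DEPTH]   # keep only the newest entries
    return True

def corrupt(record: tuple) -> tuple:
    # Simulate storage corruption: flip a single bit of the stored digest.
    salt, digest = record
    return salt, bytes([digest[0] ^ 0x01]) + digest[1:]

def demo() -> tuple:
    # Constructed sample passwords, for illustration only.
    history = []
    change_password(history, "constructed-old-pass-1")
    change_password(history, "constructed-old-pass-2")
    reuse_intact = change_password(history, "constructed-old-pass-1")
    history[0] = corrupt(history[0])
    reuse_corrupted = change_password(history, "constructed-old-pass-1")
    return reuse_intact, reuse_corrupted

if __name__ == "__main__":
    print(demo())
```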