From: Les Hazlewood
To: dev@shiro.apache.org
Date: Mon, 25 Apr 2011 11:29:52 -0700
Subject: Re: France to require unhashed password storage

That is absolutely insane! I hope the IT organizations in France fight this.
It puts all of them at extreme risk/liability. Clearly the lawmakers are clueless - it is the citizens' duty to overturn this.

Wow...

Les

On Mon, Apr 25, 2011 at 12:35 AM, Emmanuel Lecharny wrote:
> On 4/25/11 6:48 AM, Alan D. Cabrera wrote:
>>
>> Interesting
>>
>> http://boingboing.net/2011/04/11/france-to-require-cl.html
>
> That's crazy! This has been voted in February, and requires that any
> provider has to keep the password and the data needed to check it.
>
> In other words, you must store a two-way encrypted password. This is a
> MAJOR security risk. I don't even understand how possibly such a law can
> have been voted silently without anybody noticing it...
>
> Time to make some noise around it, now.
>
> Man, is France worse than Libya, Syria or Iran?