[TYPO3-english] TYPO3.ORG hacked

Peter Russ peter.russ at 4many.net
Sun Nov 16 22:13:36 CET 2008

--- Original Nachricht ---
Absender:   Dmitry Dulepov
Datum:       16.11.2008 21:29:
> Firsts, OpenID is different, it has nothing to do with md5. It is
> integrated to 4.3 and it is as secure as your DNS is secure and
> OpenID provider is secure.

What's about all the DNS trouble this year?

> Secondly, TYPO3 should stay compatible and it means offering non—md5
> passwords for FE users by default. This is *not* insecure unless you
> loose your BE password! md5 passwords will be not secure if they
> fall into hacker's hands, it should be clearly understood. md5s are
> breakable!

Sorry Dimitri, I didn't expect this answer:
1) Plain text in a plain unsecured transmission is UNSECURE -> Man in 
the middle ;-)
2) MD5 is NOT unsecure OR breakable: only week passwords are for 
nowerdays unsecure. Tomorrow it will be OpenID ;-)

Fiat lux!
Docendo discimus.
4Many® Services
XING: http://www.xing.com/go/invuid/Peter_Russ

More information about the TYPO3-english mailing list