Everybody who isn’t interested in Encryption, the recent Blogger hack, or general Geek Talk, please skip to the next post.
That sure cleared out the room. For those of us left, there’s a good thread on MeFi about the recent Blogger hack. Most of the people posting there don’t realize that Blogger would need to get the password back into clear-text if it’s been encrypted prior to storage in the database.
Rusty does realize this, and made a wonderful suggestion:
- Enter your blogger password.
- Blogger takes the plaintext password you sent, encrypts it with MD5 as per my previous comment.
- Checks it against the Blogger password it has stored.
- If it checks out, then take the plaintext password that the user just sent you, and decrypt the FTP password with it.
- Use the FTP password as usual.
In fact, it’s such a good idea, I’ll implement it into my system this weekend.
Update: Actually, I don’t like this idea. If you’re forced to enter a password every time you FTP, why not just enter the FTP password itself?