Jump to content
Posted 24 April 2011 - 02:30
Posted 24 April 2011 - 02:33
Posted 24 April 2011 - 02:44
That, my friend is ridiculous. I never really checked out D2D as I was never a huge PC gamer, but is there a reason you do not use Steam? I doubt Valve would allow this type of behavior.
Posted 24 April 2011 - 02:48
Posted 24 April 2011 - 03:25
I would still say that the data will be encrypted, but it will be 2-way encryption, instead of doing what everyone else does and use a hash. Still, that's pretty apalling to email you your password. I have had websites do that to me as a "forgot your password" reminder, and it still makes me uneasy.
Posted 24 April 2011 - 11:49
Well then, maybe I've over-reacted.
However, given that the e-mail was automated, wouldn't that suggest that the pass-phrase / function used to encrypt the password would be found somewhere in the source code? If an attacker were to gain access to the database, then they could also gain access to the back-end code as well.
Posted 24 April 2011 - 13:47
Posted 24 April 2011 - 20:14
You should email / call about this. It may not make a difference, but still bring it to their attention.
Man, that's some short password you got there.
Posted 24 April 2011 - 22:27
Posted 25 April 2011 - 15:05
They generate the random password, send it to you in an email, then hash it before it is put in the database. It's not retrievable in plain text after this point.
It's odd that they'd send you your actual password like that. I wouldn't be too worried though. A lot of services send you a randomly generated password after requesting a new password. I don't think it's any different in terms of security.
Posted 25 April 2011 - 15:36
Posted 26 April 2011 - 00:32
I Think that is suppose to be a temp password, it auto created an account for you so u can login. Whom ever sent you a gift, sent it to a email address that did not have an account.