Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

Privacy United States Your Rights Online

Feds Allegedly Demanding User Passwords From Services 339

Posted by Unknown Lamer
from the trust-no-one dept.
An anonymous reader writes "Following the /. story on the Feds demanding SSL keys, now comes news that the feds are demanding user passwords, and in some cases, the encryption algorithm and salt used. From the article: 'A second person who has worked at a large Silicon Valley company confirmed that it received legal requests from the federal government for stored passwords. Companies "really heavily scrutinize" these requests, the person said. "There's a lot of 'over my dead body.'" ... Some of the government orders demand not only a user's password but also the encryption algorithm and the so-called salt, according to a person familiar with the requests. ... Other orders demand the secret question codes often associated with user accounts.' I'm next expecting to see the regulation or law demanding that all users use plain text for all web transactions, to catch terrorists and for the children."
This discussion has been archived. No new comments can be posted.

Feds Allegedly Demanding User Passwords From Services

Comments Filter:
  • Hmmm... (Score:5, Funny)

    by girlintraining (1395911) on Friday July 26, 2013 @12:14PM (#44391735)

    They can ask. All passwords are one-way hashed using a 16384 bit salt and run through 4,000 rounds of AES before being stored in the database. Over there in the corner is our custom-built core which does the password retrieval, comparison, and pass-fail out onto a RADIUS server. The network name is NSA_COCKBLOCK... feel free to have a copy of the algorithm and database.

  • by ebno-10db (1459097) on Friday July 26, 2013 @12:21PM (#44391825)

    just a few large-bag hit and runs could net millions in CC#.

    Credit cards? You think small. How about getting access to the Federal Reserve? Considering all the money they give away to bail out financial institutions that should be in receivership, you could probably take a few billion and it would be dismissed as a rounding error.

  • Re:Hmmm... (Score:4, Funny)

    by DigitAl56K (805623) on Friday July 26, 2013 @01:12PM (#44392359)

    The ROT-13 jokes are really getting old, and anyone who cares about their security has already upgraded to ROT-26.

... though his invention worked superbly -- his theory was a crock of sewage from beginning to end. -- Vernor Vinge, "The Peace War"