I recently forgot my DreamHost password, and clicked on the link to have it emailed to me. I was shocked to see the email show up with a clear-text password. I don’t mean a newly generated password that I could use to login with, but my old password sent to me in clear text.
Is DreamHost storing user passwords without any sort of hashing… not a good idea (especially given what happened to Sony last week). Or am I missing something? I didn’t think it was possible to recover someone’s password from a password file without some vicious math and a lot of time.