Reply to post: Re: Actual e-mail received from Talk Talk

Chaos at TalkTalk: Data was 'secure', not all encrypted, we took site down, were DDoSed

Anonymous Coward

Re: Actual e-mail received from Talk Talk

"We will only ever ask for two digits from it to protect your security."

"Which implies totally insecure practice of storing password in plain text"

Not necessarily. Each digit/letter could be hashed and salted independently; it would enable this sort of check without saving anything in plaintext or decryptable format. Now as for the odds that TalkTalk indeed did this...
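
The per-character scheme the comment describes, sketched as an added example (not code from the post or from TalkTalk), together with an audit of how much work the stored records take to search offline. The alphabet, the PBKDF2 parameters and the sample secret are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string

ITERATIONS = 1_000  # assumed work factor, kept low so the demo runs quickly
ALPHABET = string.ascii_lowercase + string.digits  # assumed character set (36 symbols)


def _digest(salt, position, ch):
    # Bind the position into the salt so a record cannot be moved to another slot.
    return hashlib.pbkdf2_hmac("sha256", ch.encode(), salt + bytes([position]), ITERATIONS)


def enroll(secret):
    """Store one (salt, hash) record per character; no plaintext is kept."""
    records = []
    for pos, ch in enumerate(secret):
        salt = os.urandom(16)
        records.append((salt, _digest(salt, pos, ch)))
    return records


def check(records, answers):
    """answers maps position -> character, e.g. the two characters asked for."""
    if not answers:
        return False
    ok = True
    for pos, ch in answers.items():
        salt, stored = records[pos]
        ok &= hmac.compare_digest(stored, _digest(salt, pos, ch))
    return ok


def audit_records(records):
    """Defender's audit: hash evaluations needed to rebuild the secret from the store."""
    recovered, evaluations = [], 0
    for pos, (salt, stored) in enumerate(records):
        for ch in ALPHABET:
            evaluations += 1
            if hmac.compare_digest(stored, _digest(salt, pos, ch)):
                recovered.append(ch)
                break
    return "".join(recovered), evaluations


if __name__ == "__main__":
    recs = enroll("s3cr3tpw")  # constructed sample secret
    print(check(recs, {1: "3", 6: "p"}), audit_records(recs))
```

Because each record covers a single character, the audit needs at most 36 × 8 = 288 evaluations for the constructed 8-character secret, against 36^8 candidates for one hash over the whole secret. Salting does not change that bound, so the records still need the protection a plaintext store would need.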
