I read today of another password hacker who has managed to get 1000's of
Twitter passwords.

This perplexes me.

One would assume that the people programming these portals are wise enough
not to store the passwords in plain text.  But I would have thought a
better approach would be not to store the password itself - whether in
plain text or encrypted - but to store some sort of digest.

If they steal a digest of your password such as a It must be much harder
for them to crack.  I assume that when a news item talks about 100's of
passwords being compromised, they mean 100's of passwords were stolen, and
able to be read by the hacker.

Does anybody know any anecdotal evidence of how these big players who have
been compromised are storing their passwords?

Incidentally this
article<http://throwingfire.com/storing-passwords-securely/>gives a
good run-down of hashed password techniques, including (Python)
code examples..
--=20
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist
.