

France to require unhashed password storage - ajhai
http://www.boingboing.net/2011/04/11/france-to-require-cl.html

======
rebecca
The comment a few in suggests that Boing Boing's claim isn't entirely true:

It's a shame BoingBoing have posted this several days after the story
initially broke but without actually following up on the newer information.

The act itself is now online at:

[http://www.legifrance.gouv.fr/affichTexte.do;jsessionid=?cid...](http://www.legifrance.gouv.fr/affichTexte.do;jsessionid=?cidTexte=JORFTEXT000023646013&dateTexte=&oldAction=rechJO&categorieLien=id)

And the relevant line as far as I can see is:

g) Le mot de passe ainsi que les données permettant de le vérifier ou de le
modifier, dans leur dernière version mise à jour ;

Which translates into:

g) The password and the information needed to verify or change, in their
latest updated version;

Well storing the hashed password value complies fully with this - to verify a
password, you simply hash the given value, and compare it to the stored
password. That's what password authentication already does.

