OVH Community, your new community space.

France Outlaws Hashed Passwords?

07-04-2011, 19:02
The actual French decree doesn't state anything remotely close to what the title of that Slashdot entry implies. Nor is that the reason why Google, Facebook and others are challenging the decree. In short: it's scaremongering.

From the original English news reports:

The decree, published at the start of March, obliges e-commerce sites as well as video-music sites and online email services to keep a battery of data on their customers.

These include users' full names, associated postal address, pseudonyms, associated email addresses, telephone number, passwords and data used to check or modify them.

The data must be kept for a year and can be demanded in the context of an enquiry by police, the fraud office, customs, tax or social security authorities.

And here's the actual decree, translated into English using Google (click!). It states about passwords: "The password and the information needed to verify or change, in their latest updated version". That is: If a password is collected, it needs to be retained in whatever form it was saved. Cleartext, hashed, encrypted, whatever.

It's the personal data retention that Google, Facebook and friends are challenging.

07-04-2011, 14:14


Edit: surely each OVH subsidiary is bound to the laws of the country in which it's set up, regardless of the servers' situ, no?