fluffmuffin, peppercorn, gilligan — those are just a few of our users' plain text passwords.
I have 80,000 more, and it only took me 87 seconds to gather them from our customer database in a white-hat attack.
In Act I, we'll cover the history of secure password storage, examine the hack, and mitigate the threat. Act II will address the difficulties of working on libraries with complicated external dependencies (like bcrypt-ruby, of which I'm now a maintainer). In Act III, we'll celebrate the power of global collaboration via OSS.