Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 16 May 2018 23:13:41 +0200
From: "e@...tmx.net" <e@...tmx.net>
To: passwords@...ts.openwall.com
Subject: Re: Keeping old passwords

On 05/16/2018 10:50 PM, Caleb White wrote:
> 
> On 05/16/2018 4:14 PM, e wrote:
>> especially when they have no information to make this decision.

> but I feel that you are arguing from emotion and not reason in this specific case.

based on a FEELING you accuse somebody else of emotional judgement
The irony is so thick!

I am arguing from the definition of a password auth.
A password is the only key that distinguishes myself from somebody else.
IP is not even an attribute of MYSELF.
I bear no responsibility for the IPs assigned to my pub interface.
And Google has no information about my password's local handling
they simply have no access to any aspect of me handling my password.
...hopefully, they have not.

And, by the way, i DO travel, just like most people.


> Unless they are willing to make the dangerous assumption that Tor traffic is safe

what do you mean "safe"?
and why do you think they have a right to make any assumptions
about any traffic that contains a legitimate password.

> Most users probably only log in from a few IPs in a discrete geographic area

wrong.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.