Date: Tue, 21 Aug 2012 13:19:05 -0400 (EDT) From: "Brad Tilley" <brad@...ystems.com> To: john-users@...ts.openwall.com Subject: Re: Arstechnica Password article (feat. Matt Weir) Hi Samuele, > btw i'm quite interested by all this articles against password reuse > while at the same time there are a lot of people asking for single sign > on over the web, isn't something contradictory ? I agree. Single sign on is single point of compromise. However, users and auditors love it for its convenience and central administration. It's very easy to audit that employee X was deactivated within X hours of termination, etc. > And what about services like "last pass": aren't we just moving our > problems to the "simple one" of the relying entirely our security on one > single master password ? it's kind scary . I agree with you again! I wrote SHA1_Pass several years ago, because I disagree with traditional password managers and how they store and then retrieve passwords: http://16s.us/sha1_pass/why/ Brad > Cheers > Samuele
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.