Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 19 Jun 2016 20:16:21 +0200
From: "e@...tmx.net" <e@...tmx.net>
To: passwords@...ts.openwall.com
Subject: Re: Am I Overlooking any Practical Attacks?

>>>         * Weak passwords are rejected. Weak means a Zxcvbn score < 3 (this
>>>         parameter can be configured).

>>     Let me guess, you do not have any definition of "weak/strong" at all.

> ‚ÄčThat comes across as needlessly hostile.

so, you admit, i am right.
no surprise at all.


>>>         * Usernames aren't even used in the course of interacting with other
>>>         users  Your username is strictly used for
>>>         authentication.

>>     and what's the point?

> ‚ÄčThe point is to create a compartmentalization between your public
> identity and your access credentials.

Which is essentially a confusion of secure and public parts of the auth 
credentials.
it is like: let's use SSN as your auth token, just do not show it 
nobody, ok?

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.