Date: Sun, 19 Jun 2016 20:16:21 +0200 From: "e@...tmx.net" <e@...tmx.net> To: passwords@...ts.openwall.com Subject: Re: Am I Overlooking any Practical Attacks? >>> * Weak passwords are rejected. Weak means a Zxcvbn score < 3 (this >>> parameter can be configured). >> Let me guess, you do not have any definition of "weak/strong" at all. > That comes across as needlessly hostile. so, you admit, i am right. no surprise at all. >>> * Usernames aren't even used in the course of interacting with other >>> users Your username is strictly used for >>> authentication. >> and what's the point? > The point is to create a compartmentalization between your public > identity and your access credentials. Which is essentially a confusion of secure and public parts of the auth credentials. it is like: let's use SSN as your auth token, just do not show it nobody, ok?
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.