Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CANWtx03u9AvU0Z-_oFi0j=KhTxsZ6DZNtdyt12C6KWCKCFK45g@mail.gmail.com>
Date: Tue, 21 Aug 2012 10:46:15 -0400
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Arstechnica Password article (feat. Matt Weir)

On Tue, Aug 21, 2012 at 10:27 AM, Simon Marechal <bartavelle@...il.com> wrote:
> On 21/08/2012 16:17, Samuele Giovanni Tonon wrote:
>> And what about services like "last pass": aren't we just moving our
>> problems to the "simple one" of the relying entirely our security on one
>> single master password ? it's kind scary .
>
> Most people are already relying their entire security on one single
> master password : that of their main e-mail account. This is because of
> the password recovery options.
True, I personally think you're better off with a wallet/passwordsafe
application that you use a few passwords to help you remember dozens
of others inside of. A users OpenID password increases it's "value"
with each site that is added. Phishing/CSRF/XSS/MitM are all factors
that have and still affect such "services". A second factor can be
added to OpenID like services, sms challenge or OTP type things, but
you might as well have a unique login and password in a wallet that is
in your control. I don't trust any "cloud" service with anything
really valuable :)
-rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.