Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <52587.128.173.192.90.1345569545.squirrel@webmail.tuffmail.net>
Date: Tue, 21 Aug 2012 13:19:05 -0400 (EDT)
From: "Brad Tilley" <brad@...ystems.com>
To: john-users@...ts.openwall.com
Subject: Re: Arstechnica Password article (feat. Matt Weir)

Hi Samuele,

> btw i'm quite interested by all this articles against password reuse
> while at the same time there are a lot of people asking for single sign
> on over the web, isn't something contradictory ?

I agree. Single sign on is single point of compromise. However, users and
auditors love it for its convenience and central administration. It's very
easy to audit that employee X was deactivated within X hours of
termination, etc.

> And what about services like "last pass": aren't we just moving our
> problems to the "simple one" of the relying entirely our security on one
> single master password ? it's kind scary .

I agree with you again! I wrote SHA1_Pass several years ago, because I
disagree with traditional password managers and how they store and then
retrieve passwords:

http://16s.us/sha1_pass/why/

Brad

> Cheers
> Samuele

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.