Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 8 Apr 2016 07:00:03 +0200
From: Patrick Proniewski <>
Subject: Re: Password creation policies

On 08 avr. 2016, at 00:20, wrote:

>> We also provide our staff with a self hosted password storage web application.
> ../..
> Besides that, trusting your password to a program raises some certain "identity issues": You do not authenticate yourself in this case, you authenticate a program. I do not want to allow a program potentially impersonate myself.

In our particular case, the password safe can technically open some kind of sessions (rdp, ssh) on user's behalf but that's a very unpopular feature (web client...). Our goal here is to promote long and unique passwords by telling the user s/he is not forced to remember those pwd. It allows us to securely transmit passwords too (read only or read write delegation, or changing owners).


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.