[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <140afd55-0da0-e9cf-b092-6c52b7a15cdb@bestmx.net>
Date: Sun, 19 Jun 2016 20:16:21 +0200
From: "e@...tmx.net" <e@...tmx.net>
To: passwords@...ts.openwall.com
Subject: Re: Am I Overlooking any Practical Attacks?
>>> * Weak passwords are rejected. Weak means a Zxcvbn score < 3 (this
>>> parameter can be configured).
>> Let me guess, you do not have any definition of "weak/strong" at all.
> That comes across as needlessly hostile.
so, you admit, i am right.
no surprise at all.
>>> * Usernames aren't even used in the course of interacting with other
>>> users Your username is strictly used for
>>> authentication.
>> and what's the point?
> The point is to create a compartmentalization between your public
> identity and your access credentials.
Which is essentially a confusion of secure and public parts of the auth
credentials.
it is like: let's use SSN as your auth token, just do not show it
nobody, ok?
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
