lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 24 Mar 2008 15:17:44 +0000
From: "Petko D. Petkov" <pdp.gnucitizen@...glemail.com>
To: "John C. A. Bambenek, GCIH, CISSP" <bambenek.infosec@...il.com>
Cc: full-disclosure@...ts.grok.org.uk, Larry Seltzer <Larry@...ryseltzer.com>
Subject: Re: OpenID. The future of authentication on the
	web?

what about usernames? you still need to keep track of your usernames
since sometimes your preferred username is either taken or not
possible or you need to login via email or any other peculiarity the
site supports.

On Mon, Mar 24, 2008 at 2:43 PM, John C. A. Bambenek, GCIH, CISSP
<bambenek.infosec@...il.com> wrote:
> I would disagree.  One could simply create a template password and then salt
> it with some acronym for the site in question.
>
> For instance, S0m3p4ss!### where ### is a 3-letter acronym for the site they
> are accessing.  Still need only one password to remember and you don't
> necessarily have a single point of 0wnership anymore.
>
>
>
> On Sun, Mar 23, 2008 at 7:04 PM, Larry Seltzer <Larry@...ryseltzer.com>
> wrote:
> >
> > >>I understand the attractiveness of not having to remember lots of IDs
> > and passwords, but when you give up control of your data, you give up
> > control of your future.
> >
> > Normal people aren't going to remember enough passwords, let alone
> > strong passwords, to make that control meaningful. I do get your point,
> > but I bet that the best alternative is to give them one set of
> > credentials and make it as strong as possible.
> >
> >
> > Larry Seltzer
> > eWEEK.com Security Center Editor
> > http://security.eweek.com/
> > http://blogs.pcmag.com/securitywatch/
> > Contributing Editor, PC Magazine
> > larry.seltzer@...fdavisenterprise.com
> >
> > _______________________________________________
> >
> >
> >
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>
> _______________________________________________
>  Full-Disclosure - We believe in it.
>  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>  Hosted and sponsored by Secunia - http://secunia.com/
>



-- 

Petko D. (pdp) Petkov | GNUCITIZEN | Hakiri | Spin Hunters

gnucitizen.org | hakiri.org | spinhunters.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ