Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Password app

Jason Normand <jay at lentecs.com> writes:

> This sounds viable for sites that do not need high security, and that
> you do not use a lot. ?easy to just to keep the app available and
> quickly run the passwords as you need them. ?never hurts to have more
> tools available.
>
> this could be especially useful for times when you are using throw
> away accounts and do not want to keep the passwords in your primary
> password store.

It would be nice if they marketed it more like that.

I'm bothered by another possibility. What happens if they have to change
their algorithm or choice of salt? With a vault style application,
there's the possibility of upgrading its algorithms relatively
conveniently as long as you can convert your local pw db. Here you have
to change all your passwords to change algorithms or salt.

I wonder if something like this, maybe not with hmac-SHA256 and scrypt
specifically, has been tried before.

-- 
Mike Small
smallm at panix.com
BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix / webmaster@blu.org