BLU Discuss list archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Discuss] Reusing Passwords on Different Sites Should be OK
- Subject: [Discuss] Reusing Passwords on Different Sites Should be OK
- From: bill.n1vux at gmail.com (Bill Ricker)
- Date: Thu, 17 Sep 2015 22:11:07 -0400
- In-reply-to: <BLUPR04MB3698EA7D9AD9CF808062D89DC5A0@BLUPR04MB369.namprd04.prod.outlook.com>
- References: <BLUPR04MB3699329CB5E010185E50399DC5A0@BLUPR04MB369.namprd04.prod.outlook.com> <55FB23FE.3080909@mattgillen.net> <BLUPR04MB3698EA7D9AD9CF808062D89DC5A0@BLUPR04MB369.namprd04.prod.outlook.com>
Reusing passwords requires the users to know that the encryption is of a safe variety. Most users are not qualified to tell good crypto from bad crypto. Heck, most programmers can't be qualified to use good cypto correctly. Password Encryption done client-side must be handled very carefully to avoid replay attacks yet still actually validate something. Sounds like a half-hearted attempt at Challenge-response. tl;dr No. ?
- Follow-Ups:
- [Discuss] Reusing Passwords on Different Sites Should be OK
- From: blu at nedharvey.com (Edward Ned Harvey (blu))
- [Discuss] Reusing Passwords on Different Sites Should be OK
- References:
- [Discuss] Reusing Passwords on Different Sites Should be OK
- From: blu at nedharvey.com (Edward Ned Harvey (blu))
- [Discuss] Reusing Passwords on Different Sites Should be OK
- From: me at mattgillen.net (Matthew Gillen)
- [Discuss] Reusing Passwords on Different Sites Should be OK
- From: blu at nedharvey.com (Edward Ned Harvey (blu))
- [Discuss] Reusing Passwords on Different Sites Should be OK
- Prev by Date: [Discuss] java keytool x.509 error
- Next by Date: [Discuss] java keytool x.509 error
- Previous by thread: [Discuss] Reusing Passwords on Different Sites Should be OK
- Next by thread: [Discuss] Reusing Passwords on Different Sites Should be OK
- Index(es):