BLU Discuss list archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Discuss] 19,000 person company passwords stolen via HTTPS
- Subject: [Discuss] 19,000 person company passwords stolen via HTTPS
- From: richard.pieri at gmail.com (Rich Pieri)
- Date: Tue, 6 Oct 2015 20:39:04 -0400
- In-reply-to: <C35DFD38-245D-4B20-BD0D-717A0EFE9B72@gmail.com>
- References: <BLUPR04MB369931CAF23BF8AD78B3003DC370@BLUPR04MB369.namprd04.prod.outlook.com> <5613E03B.5060900@gmail.com> <06D81B5F-E028-467A-8CCC-96B5AE1F2D6C@gmail.com> <BLUPR04MB36986C34B8A2EDA4C94DE55DC370@BLUPR04MB369.namprd04.prod.outlook.com> <561456F8.1040805@gmail.com> <0543395C-D129-46D0-A347-B36AD988831E@icloud.com> <56145F66.5080303@gmail.com> <C35DFD38-245D-4B20-BD0D-717A0EFE9B72@gmail.com>
On 10/6/2015 8:01 PM, Dr. Anthony Gabrielson wrote: > PGP is not a monolithic data store although it can interface with > one. DoD encryption boxes are not monolithic. It all depends on the > model and how trust is defined and established. /etc/passwd is. So is every web service authentication system that I've ever seen in production. > What are your requirements and why? Reliable, verifiable authentication that scales globally without any party having more than one set of credentials in their possession. Because the only way to guarantee that 19,000 company (or 37 million Ashley Madison) passwords/hashes/ciphers/whatever can't be stolen in a massive breach is not to have 19,000 company (or 37 million Ashley Madison) passwords/hashes/ciphers/whatever in one place. -- Rich P.
- References:
- [Discuss] 19,000 person company passwords stolen via HTTPS
- From: blu at nedharvey.com (Edward Ned Harvey (blu))
- [Discuss] 19,000 person company passwords stolen via HTTPS
- From: richard.pieri at gmail.com (Rich Pieri)
- [Discuss] 19,000 person company passwords stolen via HTTPS
- From: agabriel2 at gmail.com (Dr. Anthony Gabrielson)
- [Discuss] 19,000 person company passwords stolen via HTTPS
- From: blu at nedharvey.com (Edward Ned Harvey (blu))
- [Discuss] 19,000 person company passwords stolen via HTTPS
- From: richard.pieri at gmail.com (Rich Pieri)
- [Discuss] 19,000 person company passwords stolen via HTTPS
- From: richard.pieri at gmail.com (Rich Pieri)
- [Discuss] 19,000 person company passwords stolen via HTTPS
- From: agabriel2 at gmail.com (Dr. Anthony Gabrielson)
- [Discuss] 19,000 person company passwords stolen via HTTPS
- Prev by Date: [Discuss] 19,000 person company passwords stolen via HTTPS
- Next by Date: [Discuss] "Plan for More Secure, Reliable Wi-Fi Routers"
- Previous by thread: [Discuss] 19,000 person company passwords stolen via HTTPS
- Next by thread: [Discuss] "Plan for More Secure, Reliable Wi-Fi Routers"
- Index(es):
