On Mon, Nov 30, 2009 at 09:29:30PM -0600, Penguin Lover Dale squawked:
> chrome://messenger/locale/messengercompose/composeMsgs.properties:
>> There is a tool I've used in the past called PasswordMaker. It uses a
>> master password and a flexible set of parameters to generate passwords and
>> if necessary, enter them on a site.

<snip>

>> Once you enter the master password and select the appropriate settings
>> (length, character set, hashing algorithm etc etc), the password will be
>> generated. You can also use the current website as a salt, so using the
>> same settings will yield a different password for different sites.

Isn't this just security by obscurity? You still use the same master
password: so finding out the one password is enough to break into ALL
your sites. The only additional protection you gain is that the Bad
Guys do not know that you are using the tool. The salt hardly matters:
to make sure the plugin will behave the same if you run Firefox from
different computers, they are still using the same hash function and
same salt for the same site. If someone is savvy enough to know the
list of websites you access and the usernames you use to access them,
then that someone should also be able to find out the tool you are
using for the passwords.

In the end, I think it offers only marginally more protection than
having the same very strong password on all your sites.

The only case I think the "encryption"/hash approach is useful is when you
have a low security account (say an online game, or a MUD that you
connect to via telnet) whose password is transmitted in plaintext. If
you insist on only using one master password, and don't want to bother
memorizing a different one for the low security account, I guess
passing your password through a one-way hash makes it harder for your
other accounts to be compromised. But that's about it.

Just my two cents

W
--
Where do you get Mercury?

H.G. Wells
Sortir en Pantoufles: up 1089 days, 8:58
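
Added example, not part of the original message and not PasswordMaker's actual algorithm: a minimal sketch of the master-password-plus-site-salt scheme discussed in this thread, assuming HMAC-SHA256 (or PBKDF2 when `iterations` is above 1) as the hash and a 62-character alphabet. It shows that the same inputs reproduce every site's password on any machine, so the master password is the only secret; the function names and sample values are hypothetical.

```python
import hashlib
import hmac
import string

# Assumed "settings": output alphabet and length. The tool in the thread lets
# the user pick these; the values here are illustrative.
CHARSET = string.ascii_letters + string.digits
MAX_LEN = 40  # a 256-bit digest covers about 42 base-62 symbols


def site_password(master: str, site: str, length: int = 12,
                  iterations: int = 1) -> str:
    """Derive a per-site password from a master password, salted by site name.

    iterations == 1 uses one HMAC-SHA256 (fast to compute).
    iterations  > 1 uses PBKDF2-HMAC-SHA256 (each derivation costs more).
    """
    if not 1 <= length <= MAX_LEN:
        raise ValueError("length must be between 1 and %d" % MAX_LEN)
    key, salt = master.encode("utf-8"), site.encode("utf-8")
    if iterations == 1:
        digest = hmac.new(key, salt, hashlib.sha256).digest()
    else:
        digest = hashlib.pbkdf2_hmac("sha256", key, salt, iterations)
    # Map the digest onto the chosen alphabet by repeated division.
    n = int.from_bytes(digest, "big")
    chars = []
    for _ in range(length):
        n, idx = divmod(n, len(CHARSET))
        chars.append(CHARSET[idx])
    return "".join(chars)


def regenerate_all(master: str, sites: list) -> dict:
    """Everything is a function of (master, site, settings): no other secret."""
    return {site: site_password(master, site) for site in sites}


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    sites = ["mud.example.net", "bank.example.com", "mail.example.org"]
    for site, pw in regenerate_all("correct horse battery", sites).items():
        print(site, pw)
```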