
Re: Mutt Next Generation



On Thu, 27 Jan 2005 21:24:03 -0500, Derek Martin said:

> to use a different password for every individual thing they access
> increases the probability that they will not remember their
> passwords, and that makes it more likely they will choose bad
> passwords.  It makes it more likely that their passwords will need to

Okay, let the user choose one password but derive the actual passwords
from that master password.  This technique has been used for more than
25 years and still is what protects virtually all money transfers.

I agreed that administration is not that easy anymore.  However it is
strange to see how many people demand 2 and 4k public keys while at
the same time protecting their systems in such a fragile way.

> it may be possible to retrieve both parts of someone's key, especially
> since it may be likely they have both parts stored on a server used
> for e-mail.  Using man-in-the-middle techniques, it may be possible to

If you need to store the user's secret part of a public key pair on a
server, your setup is seriously flawed.


Shalom-Salam,

   Werner
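
One way to realise the "one master password, derived actual passwords" idea from the message above, as an added example that is not part of the original post or of any Mutt code. The function names, the PBKDF2 work factor, the salt and the service labels are all assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac

# Assumed work factor; tune it to the slowest device that must derive keys.
ITERATIONS = 200_000


def stretch_master(master_password: str, salt: bytes) -> bytes:
    """Turn the memorised master password into a 32-byte root key.

    The salt is not secret (here: the user's identity). It only ensures that
    two users with the same master password get different root keys.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, ITERATIONS
    )


def derive_password(root_key: bytes, service: str, counter: int = 1,
                    length: int = 20) -> str:
    """Derive the password actually sent to one service.

    HMAC under the root key is one-way: a service that leaks its derived
    password reveals neither the root key nor any sibling password.
    The counter allows rotating one service without changing the master.
    """
    if not 1 <= length <= 43:
        raise ValueError("length must be between 1 and 43 characters")
    # NUL separator keeps ("a", 11) and ("a1", 1) from colliding.
    label = f"{service}\x00{counter}".encode("utf-8")
    tag = hmac.new(root_key, label, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag).decode("ascii")[:length]


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    root = stretch_master("correct horse battery staple", b"user@example.org")
    for svc in ("imap.example.org", "smtp.example.org"):
        print(svc, derive_password(root, svc))
    print("imap rotated", derive_password(root, "imap.example.org", counter=2))
```

The master password remains a single point of failure: anyone who learns it can recompute every derived password, so the stretching step only slows guessing and does not replace a strong master password.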