On 08/12/2014 03:06 PM, Greg Freemyer wrote:
The real problem is not your password, its the sites out there.
I agree with your real world, but I'm arguing you need a password algorithm that at a minimum can and does use at least 18 chars of password info and you need to actually have an obscure 18-char (or longer) password.
As I said earlier in this thread, I have no problem with long pass-Phrases. I just think that most sites out there will mangle or truncate them, so rendering them irrelevant.
With those 2 minimum features, the use of salt or highly sophisticated encryption algorithms seems much less important.
OTS software to apply salting and modern/strong irreversible hashes are cheap and easy. That they are also easy to miss-apply of you have people grabbing them as FOSS without understanding how to set up web services, databases and FOSS experience is something we have little to no control over. *sigh* -- A distracted figure with a huge bushy beard blunders in just as you speak the word of ancient magic. The man wears loose clothing, and an expression of intense concentration. He is clutching his frizzy hair with one hand; his other hand grips an intricate grid - the object of his attention. His eyes brighten the word you've spoken reaches his ears. "Yes! Yes! That's it!" he exclaims as he draws out a pen and fills in a row of squares. "Now my hyperconstrained, double-acrostic, cryptic crossword is complete, and ready to puzzle others. That was all I needed - just a simple five-letter word, composed only of the letters 'X' 'Y' and 'Z,' that would fit here!" He grips your hand and shakes it fervently. "Thank you! Now that I've finished with that, I can get on to those other things I've been meaning to do, such as monkey-wrenching the demolition and saving recreational linguistics for future generations." He turns away and mutters, just before he departs, "I hope none of that will involve lying in front of a bulldozer..." -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org