[cap-talk] Why petnames should not be used for password hashes.
M. Scott Doerrie
mdoerri at cs.jhu.edu
Thu Aug 25 18:28:58 EDT 2005
David Hopwood wrote:
> M. Scott Doerrie wrote:
>> Karp, Alan H wrote:
>>> Do you mean http sites? That's very dangerous since there's no way to
>>> verify who you're really talking to. PwdHsh uses part of the URL for
>>> https sites, but I don't see how you can change a password without
>>> ending up with a different one for each site.
>> That's exactly the case that petnames can't handle: when I would like
>> to authenticate myself, without authenticating the entity I'm
>> communicating with. In many cases, such as being at a public
>> terminal reading news or blogs from sites that "need" a password.
> The vast majority of such sites should not be using passwords.
> I have a high-security login, a low-security login, and a "why the hell
> does this need a password at all?" login. The latter is username
> password "foobar", and you're free to use it.
Agreed. I recognize that I am having a discussion about how to patch a
broken authentication system (generic passwords) when the tools to build
a better one already exist, but are not widely in use.
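The exchange above turns on how a site-keyed password hash such as PwdHash behaves: one master password yields a different password per site, so rotating the master rotates every site at once, and for plain http the URL gives no verified identity to key on. The block below is an added example written for this page, not PwdHash's own algorithm nor code from anyone in the thread. It assumes an HMAC-SHA256 of the master password keyed by the https host name, truncated to 16 base64 characters (PwdHash's real construction differs), and it refuses http origins to make the caveat concrete.

```python
"""Site-keyed password derivation, PwdHash-style (added example).

Assumed construction, not PwdHash's actual one: the per-site password is
HMAC-SHA256(key=https host, msg=master password), base64, first 16 chars.
"""
import base64
import hashlib
import hmac
from typing import Dict, List, Tuple
from urllib.parse import urlsplit


def site_key(url: str) -> str:
    """Reduce a URL to the label the derivation is keyed on.

    Only https hosts are accepted: a TLS certificate binds the host name,
    whereas an http host is unverified, so hashing against it would give a
    stable password to whoever impersonates the site (the thread's concern).
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError(f"refusing non-https origin: {url}")
    host = parts.hostname
    if not host:
        raise ValueError(f"no host in URL: {url}")
    # Assumption: keyed on the full host name. A real deployment would map to the
    # registrable domain so www.example.com and login.example.com agree.
    return host.lower()


def can_derive(url: str) -> bool:
    """True if site_key accepts the URL (https with a host)."""
    try:
        site_key(url)
        return True
    except ValueError:
        return False


def derive_password(master: str, url: str, length: int = 16) -> str:
    """Derive the site-specific password sent to the server at `url`.

    Same master + same host -> same password; different host -> unrelated
    password, so a credential captured at one site does not replay elsewhere.
    """
    key = site_key(url).encode("utf-8")
    tag = hmac.new(key, master.encode("utf-8"), hashlib.sha256).digest()
    # URL-safe base64 keeps letters, digits, '-' and '_' for password fields.
    return base64.urlsafe_b64encode(tag).decode("ascii")[:length]


def rotate_master(old_master: str, new_master: str,
                  urls: List[str]) -> Dict[str, Tuple[str, str]]:
    """Show the rotation problem raised in the thread.

    Changing the master password changes the derived password at every site,
    so the user must update the stored password on each of them.
    """
    return {u: (derive_password(old_master, u), derive_password(new_master, u))
            for u in urls}


def sites_needing_update(old_master: str, new_master: str,
                         urls: List[str]) -> List[str]:
    """URLs whose server-side password no longer matches after rotation."""
    return [u for u, (old, new) in rotate_master(old_master, new_master, urls).items()
            if old != new]


if __name__ == "__main__":
    # Constructed sample sites, not from the thread.
    sites = ["https://www.example.com/login", "https://news.example.org/"]
    for u in sites:
        print(u, derive_password("correct horse", u))
    print("needs update after rotation:",
          sites_needing_update("correct horse", "battery staple", sites))
    print("http allowed?", can_derive("http://www.example.com/"))
```

The two properties the thread cares about fall out directly: `derive_password` gives the same value for any path on one https host and unrelated values across hosts, while `sites_needing_update` lists every site after a master change, which is exactly why a master rotation cannot be done "in one place" under this scheme.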