[BBLISA] Reusing Passwords on Different Sites Should be OK
John Stoffel
john at stoffel.org
Thu Sep 17 17:20:55 EDT 2015
Matt> But then, if I manage to brute force a password somewhere,
Matt> doesn't that give me the correct credentials to authenticate
Matt> everywhere else that shares the same set of credentials?
I'm just wondering how they generate the salt or seperate secret for
each site, so that even though your password bcrypts to 'some long
string', how do you keep it different enough for each site?
So if I goto foo.com, and bar.com using the same password, how do I
use a determanistic mechanism to hash/crypt/obfuscrate foo.com + my
password so that it's hard for attackers, but trivial for me?
That wasn't well explained at all on their site (I'm not going to
watch videos...) at all. I like the idea... I just wonder about the
details.
More information about the bblisa
mailing list