[Discuss] Password app

Mike Small smallm at panix.com
Fri Oct 10 15:00:27 EDT 2014


Jason Normand <jay at lentecs.com> writes:

> This sounds viable for sites that do not need high security, and that
> you do not use a lot.  Easy to just keep the app available and
> quickly run the passwords as you need them.  Never hurts to have more
> tools available.
>
> This could be especially useful for times when you are using throw
> away accounts and do not want to keep the passwords in your primary
> password store.

It would be nice if they marketed it more like that.

I'm bothered by another possibility. What happens if they have to change
their algorithm or choice of salt? With a vault style application,
there's the possibility of upgrading its algorithms relatively
conveniently as long as you can convert your local pw db. Here you have
to change all your passwords to change algorithms or salt.

I wonder if something like this, maybe not with hmac-SHA256 and scrypt
specifically, has been tried before.

-- 
Mike Small
smallm at panix.com
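
The migration concern raised in this message, as an added example that is not part of the original post and not the app's actual scheme: a stateless generator is assumed to stretch the master password with scrypt and derive each site password with HMAC-SHA256. The function names, salts, cost parameters, master password and site list are all constructed for illustration.

```python
import base64
import hashlib
import hmac

# Constructed sample values; none come from the app discussed in the thread.
SITES = ["example.com", "forum.example.org", "throwaway.example.net"]
MASTER = "correct horse battery staple"


def master_key(master_pw, salt, n=2**12):
    """Stretch the master password; salt and cost are baked into the app."""
    return hashlib.scrypt(master_pw.encode(), salt=salt, n=n, r=8, p=1, dklen=32)


def site_password(key, site, counter=1, length=16):
    """Derive one site's password; nothing is stored, so it must be reproducible."""
    tag = hmac.new(key, f"{site}:{counter}".encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag).decode()[:length]


def derive_all(master_pw, salt, n=2**12):
    """Generate the password for every sample site under one salt and cost."""
    key = master_key(master_pw, salt, n)
    return {site: site_password(key, site) for site in SITES}


def sites_needing_reset(old, new):
    """Sites whose generated password differs between two app versions."""
    return sorted(site for site in old if old[site] != new[site])


if __name__ == "__main__":
    v1 = derive_all(MASTER, b"app-salt-v1")
    print("new salt:", sites_needing_reset(v1, derive_all(MASTER, b"app-salt-v2")))
    print("new cost:", sites_needing_reset(v1, derive_all(MASTER, b"app-salt-v1", n=2**13)))
    # Rotating one site's counter touches only that site.
    key = master_key(MASTER, b"app-salt-v1")
    print("rotated :", site_password(key, SITES[0], counter=2) != v1[SITES[0]])
```

Because no per-site state is stored, a change to the salt or the scrypt cost alters every derived password at once, whereas a vault can re-encrypt its local database and leave the stored site passwords untouched.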


