
Re: [saag] SHA-1 to SHA-n transition



On Wed, Mar 04, 2009 at 05:34:15AM +1300, Peter Gutmann wrote:
> Jeffrey Hutzelman <jhutz at cmu.edu> writes:
> >How do you expect users to remember not to give away their passwords when
> >they can't be bothered to remember to wash their hands or look both ways
> >before crossing a street?
> 
>  site_password = HMAC( user_password || 128-bit salt, site_URL );

I've had sundry such browser plugins installed and I still don't use
them.  I tried, but I stopped when I noticed that using such passwords
in my cell phone was a royal PITA.

Thanks, you've managed to depress me :)

You've also disproved my point and proved EKR's.  The clarity is welcomed.

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.
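
The derivation quoted above, worked through as an added example that is not part of either poster's message: a password handed to a lookalike host is a different value from the one the real site accepts. Assumptions not in the thread: HMAC-SHA-256, the key is the UTF-8 password concatenated with the salt, site_URL is reduced to the lowercased hostname, and the output is base64url truncated to 16 characters; all function names and sample values are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SALT_BYTES = 16  # the 128-bit salt from the quoted formula


def new_salt() -> bytes:
    """Generate the per-user salt once; it must be kept to re-derive passwords."""
    return secrets.token_bytes(SALT_BYTES)


def site_id(url: str) -> bytes:
    """Reduce a URL to its lowercased hostname (assumed meaning of site_URL),
    so that path or query differences do not change the derived password."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no hostname in {url!r}")
    return host.lower().encode("idna")


def site_password(user_password: str, salt: bytes, url: str, length: int = 16) -> str:
    """site_password = HMAC(user_password || salt, site_URL), text-encoded."""
    if len(salt) != SALT_BYTES:
        raise ValueError("salt must be 128 bits")
    key = user_password.encode("utf-8") + salt  # user_password || 128-bit salt
    tag = hmac.new(key, site_id(url), hashlib.sha256).digest()
    # Assumed output encoding: base64url, truncated so it can be typed by hand.
    return base64.urlsafe_b64encode(tag).decode("ascii")[:length]


if __name__ == "__main__":
    # Constructed sample values, not real credentials or real sites.
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")
    master = "correct horse battery staple"
    for url in ("https://bank.example/login",
                "https://BANK.example/account?x=1",   # same host, same password
                "https://bank-example.test/login"):   # lookalike host, different password
        print(f"{url:40} {site_password(master, salt, url)}")
```

Re-deriving a value on a device without the plugin needs both the salt and an HMAC implementation, which is the usability cost raised in the reply.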