Security Basics mailing list archives

Re: Password variation scheme a plus in security?
From: "Stefan Schmidt" <Stefan.Schmidt () gmx net>
Date: Tue, 01 Jul 2008 11:00:27 +0200

> If you don't want to use the same password for all sites, save the
> passwords in an encrypted vault (e.g. KeePass [1]) and look them up
> whenever needed.

I am using one of these password managers currently, but I find it rather inconvenient. A web-based open source
solution would be nice, but I haven't found one.

> DO NOT USE PASSWORDS DERIVED THROUGH DETERMINISTIC ALGORITHMS. EVER.
>
> Kerckhoffs's Principle explains why that is a bad thing.

Yes, security by obscurity is certainly a bad thing, and if I wanted a 100% secure solution I'd certainly use a separate
secure password for every single site, but I was looking for an alternative to grant me a 90% secure solution without
the hassle. So my question was not "Is this secure?" but rather "How likely is it for hackers to test for password
schemes".

Stefan

