Security Basics mailing list archives

Re: Password variation scheme a plus in security?


From: "Stefan Schmidt" <Stefan.Schmidt () gmx net>
Date: Tue, 01 Jul 2008 11:00:27 +0200

> If you don't want to use the same password for all sites, save the
> passwords in an encrypted vault (e.g. KeePass [1]) and look them up
> whenever needed.

I am using one of these password managers currently, but I find it rather inconvenient. A web-based open source
solution would be nice, but I haven't found one.

> DO NOT USE PASSWORDS DERIVED THROUGH DETERMINISTIC ALGORITHMS. EVER.
>
> Kerckhoffs's Principle explains why that is a bad thing.

Yes, security by obscurity is certainly a bad thing, and if I wanted a 100% secure solution I'd certainly use a separate
secure password for every single site, but I was looking for an alternative to grant me a 90% secure solution without
the hassle. So my question was not "Is this secure?" but rather "How likely is it for hackers to test for password
schemes?"

Stefan

