I think it has even been mentioned on PSW within the past year and a half or so...Could be wrong though. Besides. IRONGEEK needs to use the IRONKEY!!!!! :)
On Wed, Jul 29, 2009 at 7:44 PM, Vincent Lape <[email protected]> wrote: > I think this has already been done. If memory serves me correctly Steve > Gibson talked about it on Security Now. > On Jul 29, 2009, at 4:40 PM, Adrian Crenshaw wrote: > > I'm sure by now the many of you here have heard of the asshatery that is > zero for 0wned (zf05.txt) and it's started me thinking about password > management across websites. > > Remembering a unique password for each and every site is hard to manage. > Now, what I currently do is have one password for finance stuff, another for > website related stuff and yet another for forums I've visited, sort of by > level of how much I care if they get compromised. Still, it's a pain to go > around changing passwords when you hear Binrev or Hak5 got hacked and your > not sure if they got your credintials. > > I was wondering if this schem is workable from a security standpoint, and > if someone has already implemented it into a Firefox plugin. Lets say you do > this, take a password you use everywhere, conatinate it with the domain name > of the site you are making a password for, then take the md5 hash and use it > as your password.For example, if my password was "mypassword" and I were > using it on Pauldotcom.com: > > > md5("mypasswordpauldotcom.com") = "4b7958e4302cae2836f1c05532f835f4" > > This way, it's still easy to remeber, but even if an attacker gets the > plain text from what is store on the site (4b7958e4302cae2836f1c05532f835f4 > in this case), they can't use it to compromise account on other sites since > your password would be different, for example: > > md5("mypasswordirongeek.com") = "1c96d14e6e048924cabf3009b064958f" > > Do you see any major weaknesses in this scheme? Anyone know how to > implement a Firefox plugin to simplify it? > > Thanks, > Adrian > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
