RE: Security awareness (Re: Questions regarding using ciphers as stream ciphers)

bram (bram@gawth.com)
Wed, 28 Apr 1999 11:18:38 -0700 (PDT)

• Next message: mgraffam@idsi.net: "Re: SSL + PGP"
• Previous message: Daniel J. Frasnelli: "Re: Security awareness (Re: Questions regarding using ciphers as stream ciphers)"
• In reply to: bram: "Re: Security awareness (Re: Questions regarding using ciphers as stream ciphers)"
• Next in thread: Bill Frantz: "RE: Security awareness (Re: Questions regarding using ciphers as stream ciphers)"
• Reply: Bill Frantz: "RE: Security awareness (Re: Questions regarding using ciphers as stream ciphers)"

On Wed, 28 Apr 1999, Salz, Rich wrote:

> >The alternative is to write them all
> >down in one place
>
> Or pick a random "base" and then add obvious per-site info, as in
> xyzzy.microsoft
> xyzzy.nytimes
> xyzzy.clublove
> etc...

That's a pretty good idea - it reduces significantly the risk of someone
extending a breach of one password to another, since an automated tool
which just reuses all the passwords elsewhere won't work. It still does
allow for breaches of passwords in one place to extend elsewhere though.

-Bram

• Next message: mgraffam@idsi.net: "Re: SSL + PGP"
• Previous message: Daniel J. Frasnelli: "Re: Security awareness (Re: Questions regarding using ciphers as stream ciphers)"
• In reply to: bram: "Re: Security awareness (Re: Questions regarding using ciphers as stream ciphers)"
• Next in thread: Bill Frantz: "RE: Security awareness (Re: Questions regarding using ciphers as stream ciphers)"
• Reply: Bill Frantz: "RE: Security awareness (Re: Questions regarding using ciphers as stream ciphers)"