by jperry
2557 days ago
Huh? How is this a solution? If your password gets leaked I can just: recognise that it's base64, decode it, see your salt and then all of your other passwords are essentially open to me? Edit: Oh, is the salt different for each site? I don't get why you'd ever do this instead of generating an entirely new password though; you aren't solving the storage problem.

This doesn't solve all the other problems with this system, like: what if there are multiple logins on the same domain? What if the site has esoteric password requirements? What if the requirements change? If your salt leaks, you don't have a list of sites to know to go change your password. Etc., etc. Not my favorite solution for practical reasons, but it's cryptographically reasonable at least.