Matt> But then, if I manage to brute force a password somewhere,
Matt> doesn't that give me the correct credentials to authenticate
Matt> everywhere else that shares the same set of credentials? 

I'm just wondering how they generate the salt or separate secret for
each site, so that even though your password bcrypts to 'some long
string', how do you keep it different enough for each site?

So if I go to foo.com, and bar.com using the same password, how do I
use a deterministic mechanism to hash/crypt/obfuscate foo.com + my
password so that it's hard for attackers, but trivial for me?

That wasn't well explained at all on their site (I'm not going to
watch videos...).  I like the idea... I just wonder about the
details.

_______________________________________________
bblisa mailing list
[email protected]
http://www.bblisa.org/mailman/listinfo/bblisa