On Wed, Sep 08, 2010 at 08:37:20PM -0700, Chris Palmer wrote:
> Jon Callas already hinted at the real solution. Don't be clever. When you
> change your policy, add code that updates the user's password hash upon next
> login.

I understand your point, but I think it's fair to ask "can we do better?" Your implication is, "don't try, don't even discuss trying". I think that's a cop out, intellectually lazy, and boring; but sure, it avoids the risks associated with any change.

> Understandable, testable, safe.

When 25% of your users never log in again, I would add "...for small values of safe".

--
I find your ideas intriguing and would like to subscribe to your newsletter.
My emails do not have attachments; it's a digital signature that your mail program doesn't understand. | http://www.subspacefield.org/~travis/
If you are a spammer, please email [email protected] to get blacklisted.
_______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
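The rehash-on-next-login approach quoted in this message, and the gap the reply points at, shown as an added example (not code from either participant in the thread). The scheme names, the salted SHA-256 "old policy", the PBKDF2 "new policy", its iteration count, and the sample accounts are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

NEW_ITERATIONS = 200_000  # assumed cost parameter for the new policy

def legacy_hash(password, salt):
    # Assumed old policy: a single round of salted SHA-256.
    return hashlib.sha256(salt + password.encode()).digest()

def new_hash(password, salt):
    # Assumed new policy: PBKDF2-HMAC-SHA256.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, NEW_ITERATIONS)

SCHEMES = {"legacy": legacy_hash, "pbkdf2": new_hash}
CURRENT = "pbkdf2"

def make_record(password, scheme):
    salt = os.urandom(16)
    return {"scheme": scheme, "salt": salt, "hash": SCHEMES[scheme](password, salt)}

def login(db, user, password):
    rec = db.get(user)
    if rec is None:
        return False
    candidate = SCHEMES[rec["scheme"]](password, rec["salt"])
    if not hmac.compare_digest(candidate, rec["hash"]):
        return False
    if rec["scheme"] != CURRENT:
        # A successful login is the only moment the plaintext is available,
        # so this is where the stored hash is replaced under the new policy.
        db[user] = make_record(password, CURRENT)
    return True

def still_legacy(db):
    # Accounts whose stored hash is still at the old strength.
    return sorted(u for u, r in db.items() if r["scheme"] != CURRENT)

def demo():
    # Constructed sample accounts, all created under the old policy.
    accounts = [("alice", "a-pw"), ("bob", "b-pw"), ("carol", "c-pw"), ("dave", "d-pw")]
    db = {name: make_record(pw, "legacy") for name, pw in accounts}
    results = [login(db, "alice", "a-pw"),   # upgraded
               login(db, "bob", "wrong"),    # failed login: no upgrade
               login(db, "carol", "c-pw")]   # upgraded; dave never logs in
    return db, results
```

Accounts that never produce a successful login after the policy change stay in `still_legacy`, which is the population the reply is concerned about.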
