You're right, sharing of master passwords is a bad idea. But given human nature, it happens, and a security system needs to take that into account. There are also a lot of other ways a master password can be compromised and thus need rolling over, e.g. shoulder-surfing, virus keyloggers, theft of PC where web browser "remembered" it, etc.
So... it would be a *big* plus to have a way to rollover the master password without having to manually re-visit and re-password each website. -- -- "Jonathan Thornburg [remove -animal to reply]" <[email protected]> Dept of Astronomy & IUCSS, Indiana University, Bloomington, Indiana, USA "Washing one's hands of the conflict between the powerful and the powerless means to side with the powerful, not to be neutral." -- quote by Freire / poster by Oxfam _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
