On Tue, Nov 23, 2010 at 10:06 AM, <[email protected]> wrote: > > > Well, there would need to be a separate recovery password, and then the > > original password simply becomes redundant from a security point of view. > That's how it works in all password recovery system on internet. > Usually, it's an answer to a question. Granted, there is also the > "send to this email" option we can't have in freenet (afaics). >
Yes, typically on the Internet its just an answer to a question, but effectively this is just another password - although it will often be a password that is much easier to do a dictionary attack on (eg. "Name a favorite place?" - it wouldn't take long to test every place-name on the planet that people are likely to provide). > Anyway, for now we can just agree on having only non password > protected identities. If someone have a master password, we ask him > when launching the node (dunno how it is handled right now). I just wish we could focus on actual usability issues, and try to avoid getting sidetracked as we've been with this whole issue of identities and passwords. Ian. -- Ian Clarke CEO, SenseArray Email: [email protected] Ph: +1 512 422 3588
_______________________________________________ Devl mailing list [email protected] http://freenetproject.org/cgi-bin/mailman/listinfo/devl
