[onerng talk] review of RNGs

Jim Cheetham jim at gonzul.net
Mon Jul 6 22:40:55 BST 2015


On Tue, Jul 7, 2015 at 5:08 AM, Bill Cox <waywardgeek at gmail.com> wrote:

> Also, while this is minor, your password methods on the site are too
> stringent, requiring an upper case, lower case, digit, and a symbol.  This
> means I will forget it each time I login, and I will have to go through the
> password recovery process each time.  I suspect I am in the majority.
>

It may not be strictly on-topic for this list, but CACert's password
complexity requirements fit in well with their actual goals, which are for
"strongly-identified individuals". In this case your goal seems to be "just
edit the wiki", so there's a mismatch.

If you engaged with CACert fully, you'd end up with a client certificate
that would handle your login - and responsibility for how you secure that
cert on your own system. But that takes more work.

Also, although Ian has done a lot of work with CACert, it isn't "his" in
any way. CACert belongs to its membership, basically.

:-)

So yes, but no.

-jim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ourshack.com/pipermail/discuss/attachments/20150707/d5cd3ea5/attachment.html>


More information about the Discuss mailing list