[cryptography] Hi all, would like your feedback on something
givonne at gmx.com
Sun Dec 20 06:40:20 EST 2015
How does the following method address the issues of this problem?
password = E((long-term-secret, site-name, F[password]))
F=one of those programs that tries to ensure a strong password, by
rejecting weak passwords
1. passwords are not "generated". they are thought up, by a person.
but, they conform to a site's specs and/or the rules of a strong
password. [caps, minuscules, letters, numbers, special characters, and
restrictions against dictionary attacks.]
2. passwords can be changed.
3. if the encryption algorithm is computationally secure, then the risk
of the password file being compromised by having a password captured, is
reduced or minimalized.
On 12/20/2015 6:20 AM, Givon Zirkind wrote:
> 1. The generated password may not conform to the requirements of the site or service.
> 2. You cannot change the password for a site if, say, there is a breach and you are told to change your password.
> 3. If one of your generated passwords is captured as plaintext (lots of sites store things as plaintext), it can be used for trying to crack your long-term secret, from which they can then reconstruct all of your passwords.
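
The scheme proposed in this message, sketched as an added example that is not part of the original post or of the quoted reply. The post does not say which algorithms E and F are, so this assumes PBKDF2-HMAC-SHA256 with HMAC expansion for E (a slow one-way derivation, not reversible encryption) and a length and character-class check for F; every name and sample value is constructed.

```python
import hashlib
import hmac
import re

# 64 symbols, so (byte % 64) maps bytes to symbols without modulo bias.
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!#"
CLASSES = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]

def has_all_classes(s: str) -> bool:
    return all(re.search(c, s) for c in CLASSES)

def F(chosen: str) -> str:
    """Assumed stand-in for F: reject short or single-class passwords."""
    if len(chosen) < 12 or not has_all_classes(chosen):
        raise ValueError("weak password rejected by F")
    return chosen

def _field(b: bytes) -> bytes:
    # Length-prefix each input so ("ab", "c") and ("a", "bc") cannot collide.
    return len(b).to_bytes(4, "big") + b

def E(secret: bytes, site: str, chosen: str,
      length: int = 20, iterations: int = 100_000) -> str:
    """Assumed stand-in for E: derive the per-site password (length <= 32)."""
    salt = _field(site.encode()) + _field(F(chosen).encode())
    # The iteration count sets the cost of each guess at the long-term
    # secret when one derived password has been captured (point 3).
    key = hashlib.pbkdf2_hmac("sha256", secret, salt, iterations)
    counter = 0
    while True:
        block = hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        candidate = "".join(ALPHABET[b % 64] for b in block[:length])
        # Point 1: retry until the output meets the site's character rules.
        if has_all_classes(candidate):
            return candidate
        counter += 1

if __name__ == "__main__":
    secret = b"constructed long-term secret"   # sample value
    old = E(secret, "example.com", "Correct-Horse-42x")
    new = E(secret, "example.com", "Battery-Staple-77y")  # point 2: rotation
    print(old, new, old != new)
```

The per-guess cost only helps if the long-term secret itself has high entropy; a low-entropy secret remains guessable offline from a single captured output.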