[cryptography] Hi all, would like your feedback on something

Givon Zirkind givonne at gmx.com
Sun Dec 20 06:40:20 EST 2015


how does the following method address the issues of this problem?

password = E((long-term-secret, site-name, F[password]))

F[]=one of those programs that tries to ensure a strong password, by 
rejecting weak passwords

1.  passwords are not "generated".  they are thought up, by a person.  
but, they conform to a site's specs and/or the rules of a strong 
password. [caps, minuscules, letters, numbers, special characters, and 
restrictions against dictionary attacks.]

2.  passwords can be changed.

3.  if the encryption algorithm is computationally secure, then the risk 
of the password file being compromised by having a password captured, is 
reduced or minimized.

On 12/20/2015 6:20 AM, Givon Zirkind wrote:

1. The generated password may not conform to the requirements of the site or service.
2. You cannot change the password for a site if, say, there is a breach and you are told to change your password.
3. If one of your generated passwords is captured as plaintext (lots of sites store things as plaintext), it can be used for trying to crack your long term secret, from which they can then reconstruct all of your passwords.
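
Added example (not part of the original message): one way to read password = E((long-term-secret, site-name, F[password])) in code. The post does not say what E is, so PBKDF2-HMAC-SHA256 is swapped in as a one-way stand-in; the filter rules, the output encoding and all names here are assumptions.

```python
import base64
import hashlib
import re

def strength_filter(password: str) -> str:
    """F[] from the post: reject weak user-chosen passwords (illustrative rules)."""
    classes = [r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if len(password) < 12 or not all(re.search(c, password) for c in classes):
        raise ValueError("weak password rejected by F")
    return password

def _field(value: str) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") never collide.
    data = value.encode("utf-8")
    return len(data).to_bytes(4, "big") + data

def site_password(long_term_secret: str, site_name: str, password: str,
                  length: int = 20, iterations: int = 200_000) -> str:
    """Stand-in for E: slow one-way derivation over the three inputs (assumption)."""
    secret = _field(long_term_secret) + _field(strength_filter(password))
    raw = hashlib.pbkdf2_hmac("sha256", secret, site_name.encode("utf-8"),
                              iterations, dklen=32)
    # URL-safe base64 is an assumed encoding; a site with other rules needs its own.
    return base64.urlsafe_b64encode(raw).decode("ascii")[:length]

if __name__ == "__main__":
    lts = "constructed long-term secret"          # constructed sample value
    old = site_password(lts, "example.com", "Tr1cky-Horse-Battery!")
    new = site_password(lts, "example.com", "N3w-Horse-Battery-2!")
    print(old, new, old != new)  # changing the thought-up password rotates the result
```

Because the derivation is one-way and iterated, a captured output only lets an attacker test guesses of both secret inputs together, at the cost of the full iteration count per guess.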




