[cryptography] Hi all, would like your feedback on something

Brian Hankey bhankey at gmail.com
Mon Dec 21 10:29:58 EST 2015


>> 
>> This, and things like 
>> 
>> 
>> @inproceedings{BonneauSchechter2014:USENIX,
>> 	Address = {San Diego, CA},
>> 	Author = {Bonneau, Joseph and Schechter, Stuart},
>> 	Booktitle = {23rd USENIX Security Symposium (USENIX Security 14)},
>> 	Month = Aug,
>> 	Pages = {607--623},
>> 	Publisher = {USENIX Association},
>> 	Title = {Towards Reliable Storage of 56-bit Secrets in Human Memory},
>> 	Year = {2014}}
>> 
>> https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/bonneau <https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/bonneau>
>> 
>> are great. But the problem is that there is so far no testing (or reason to believe) that people will be able to do that for dozens of independent passwords. So those training schemes are good for something like a Master Password for some password management system, but they are not useful for the scores of passwords that people need to use.
> 

There is an in depth reply to the rest stuck in the moderation queue for being too long but now that I watched this I will respond.  Very cool.  Interesting research.

I also thought this was great:

https://telepathwords.research.microsoft.com <https://telepathwords.research.microsoft.com/>

The funny thing is, it doesn’t seem to like hashes very much. If really thought hard about how to “beat the system” I was able to get to perhaps character 20 or something before I got a red X for typing a “u”.

Thanks for this.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20151221/ca697094/attachment-0001.html>


More information about the cryptography mailing list