[cryptography] Hi all, would like your feedback on something

Brian Hankey bhankey at gmail.com
Wed Dec 30 09:56:11 EST 2015


Hi Jeffrey,

I will try to make this one much shorter.  I just have a couple more questions and comments.

I guess what I still don’t get is why my passwords if exposed in plain text would jump out as having been generated by any one particular system or another, particularly if someone could only examine just one of them.

I understand that if one of these passwords were exposed in plain text it could be used on whatever site it was leaked from, the point would be that you could not copy it and use it for other sites (using the same password everywhere) or quickly and easily just take a glance at it and determine how it was created like you could by looking at “l1nked1n123!” or similar.

I am curious what ideas you or anyone else have for improvement? Assuming a person isn’t the rain man, how can we remember secure passwords without having to trust third parties?

I still feel as though I am personally more likely to become victim of a mass attack than a targeted attack and I think many others are probably in the same boat.

"I like to take a Kantian approach to password generation schemes: They should remain good even if lots of people use it. Offering advice that becomes bad if people actually follow the advice isn’t really good advice, is it?”

As for this, perhaps but I’m trying to figure out how to improve it. I still don’t think it’s as bad as what most people use, and if you can’t or won’t use one of the typical managers - what other options are there?  That is what I’m trying to find out by talking to those that know more than me.

"A password that is hashed twice instead of once just isn’t a noticeable barrier."

Does hashing it several times help?

I am going to read your link now.

Thanks for all your input and insights.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20151230/a8c38ee5/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20151230/a8c38ee5/attachment.asc>


More information about the cryptography mailing list