how does the following method address the issues of this problem?

password = E((long-term-secret, site-name, F[password]))

F[]=one of those programs that tries to ensure a strong password, by rejecting weak passwords

1. passwords are not "generated". they are thought up, by a person. but, they conform to a site's specs and/or the rules of a strong password. [caps, minuscules, letters, numbers, special characters, and restrictions against dictionary attacks.]

2.  passwords can be changed.

3. if the encryption algorithm is computationally secure, then the risk of the password file being compromised by having a password captured, is reduced or minimized.

On 12/20/2015 6:20 AM, Givon Zirkind wrote:

1. The generated password may not conform to the requirements of the site or 
service.
2. You cannot change the password for a site if, say, there is a breach and you are 
told to change your password.
3. If one of your generated passwords is captured as plaintext (lots of sites 
store things as plaintext), it can be used for trying to crack your long term 
secret, from which they can then reconstruct all of your passwords.



_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
