Re: [cryptography] Hi all, would like your feedback on something

2015-12-30 Thread Brian Hankey
Hi Jeffrey, I will try to make this one much shorter. I just have a couple more questions and comments. I guess what I still don’t get is why my passwords if exposed in plain text would jump out as having been generated by any one particular system or another, particularly if someone could

Re: [cryptography] Hi all, would like your feedback on something

2015-12-30 Thread Brian Hankey
One more thing- can you send me some links for any of these you can think of off the top of your head? Thanks.

> On Dec 30, 2015, at 9:24 AM, Jeffrey Goldberg wrote:
>
> And that includes versions of your scheme that are far superior to what you
> have actually worked

Re: [cryptography] Hi all, would like your feedback on something

2015-12-29 Thread Jeffrey Goldberg
On Dec 23, 2015, at 2:18 AM, Brian Hankey wrote:
>
> I sent a long winded reply that has been stuck in moderation for a couple of
> days

I believe that this is because you are sending email with a text/html part. Most mailing lists will reject such things.

>> Ah, so you

Re: [cryptography] Hi all, would like your feedback on something

2015-12-21 Thread Jeffrey Walton
On Mon, Dec 21, 2015 at 10:39 AM, Brian Hankey wrote:
>
>> From: Givon Zirkind
>>
>> On 12/20/2015 2:14 AM, Jeffrey Goldberg wrote:
>>> The problem you address is certainly real. And a lot of people have
>>> looked at various approaches over the decades. None,

Re: [cryptography] Hi all, would like your feedback on something

2015-12-21 Thread Brian Hankey
>>
>> This, and things like
>>
>>
>> @inproceedings{BonneauSchechter2014:USENIX,
>> Address = {San Diego, CA},
>> Author = {Bonneau, Joseph and Schechter, Stuart},
>> Booktitle = {23rd USENIX Security Symposium (USENIX Security 14)},
>> Month = Aug,
>> Pages =

Re: [cryptography] Hi all, would like your feedback on something

2015-12-20 Thread Brian Hankey
>
> Peter Gutmann's Security Engineering
> (https://www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf) has a good
> treatment of Passwords in general. See Chapter 7 on page 563.
>

Thank you will read.

> John Stevens of OWASP performed threat modelling of passwords in
> storage on the server. See

Re: [cryptography] Hi all, would like your feedback on something

2015-12-20 Thread Givon Zirkind
On 12/20/2015 2:14 AM, Jeffrey Goldberg wrote: The problem you address is certainly real. And a lot of people have looked at various approaches over the decades. None, so far, is fully satisfactory. (I obviously believe that a well designed password manager is the best solution for most people

Re: [cryptography] Hi all, would like your feedback on something

2015-12-20 Thread Givon Zirkind
how does the following method address the issues of this problem?

password = E((long-term-secret, site-name, F[password]))

F[]=one of those programs that tries to ensure a strong password, by rejecting weak passwords

1. passwords are not "generated". they are thought up, by a person.

Re: [cryptography] Hi all, would like your feedback on something

2015-12-20 Thread Givon Zirkind
On 12/18/2015 6:35 PM, Ondrej Mikle wrote: 1) No matter how strong your password is, it will leak if you reuse it, because attackers hack badly secured sites/databases - this is in no way surprising, but it's "new" to non-tech-savvy people. constantly or periodically changing your master

Re: [cryptography] Hi all, would like your feedback on something

2015-12-20 Thread Jeffrey Goldberg
On 2015-12-20, at 4:33 AM, Brian Hankey wrote:

> Let me make sure that I have been clear about what I propose,

Thank you. I may very well have entirely misunderstood what your system did, as reading a bunch of PHP and JavaScript embedded within some HTML really communicate

[cryptography] Hi all, would like your feedback on something

2015-12-18 Thread Brian Hankey
Hi, I am curious to get some feedback from you about a little thought experiment/hobby project I’ve been working on with some of my coworkers and have a very early prototype of the concept. The question we are trying to answer here is how could we all have ultra strong passwords i.e.

Re: [cryptography] Hi all, would like your feedback on something

2015-12-18 Thread Brian Hankey
Hi Florian, Thanks for your input. Greatly appreciate the long response. I will respond point by point here.

>
> welcome to the fight against weak passwords! It's always great to have people
> joining the security side of the battle, but be assured: it'll be a lot of
> tough work getting

Re: [cryptography] Hi all, would like your feedback on something

2015-12-18 Thread Jeffrey Walton
> The question we are trying to answer here is how could we all have ultra
> strong passwords i.e. “!3AbDEE9eE45DCea” that are unique for each and
> every website, email, social media, etc. service that we use but without
> having to trust any third parties to store them for us protected by