Hi Jeffrey,
I will try to make this one much shorter. I just have a couple more questions
and comments.
I guess what I still don’t get is why my passwords if exposed in plain text
would jump out as having been generated by any one particular system or
another, particularly if someone could
One more thing- can you send me some links for any of these you can think of
off the top of your head?
Thanks.
> On Dec 30, 2015, at 9:24 AM, Jeffrey Goldberg wrote:
>
> And that includes versions of your scheme that are far superior to what you
> have actually worked
On Dec 23, 2015, at 2:18 AM, Brian Hankey wrote:
>
> I sent a long winded reply that has been stuck in moderation for a couple of
> days
I believe that this is because you are sending email with a text/html part.
Most mailing lists will reject such things.
>> Ah, so you
On Mon, Dec 21, 2015 at 10:39 AM, Brian Hankey wrote:
>
>> From: Givon Zirkind
>>
>> On 12/20/2015 2:14 AM, Jeffrey Goldberg wrote:
>>> The problem you address is certainly real. And a lot of people have
>>> looked at various approaches over the decades. None,
>>
>> This, and things like
>>
>>
>> @inproceedings{BonneauSchechter2014:USENIX,
>> Address = {San Diego, CA},
>> Author = {Bonneau, Joseph and Schechter, Stuart},
>> Booktitle = {23rd USENIX Security Symposium (USENIX Security 14)},
>> Month = Aug,
>> Pages =
>
> Peter Gutmann's Security Engineering
> (https://www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf) has a good
> treatment of Passwords in general. See Chapter 7 on page 563.
>
Thank you will read.
> John Stevens of OWASP performed threat modelling of passwords in
> storage on the server. See
On 12/20/2015 2:14 AM, Jeffrey Goldberg wrote:
The problem you address is certainly real. And a lot of people have
looked at various approaches over the decades. None, so far, is fully
satisfactory. (I obviously believe that a well designed password
manager is the best solution for most people
how does the following method address the issues of this problem?
password = E((long-term-secret, site-name, F[password]))
F[]=one of those programs that tries to ensure a strong password, by
rejecting weak passwords
1. passwords are not "generated". they are thought up, by a person.
On 12/18/2015 6:35 PM, Ondrej Mikle wrote:
1) No matter how strong your password is, it will leak if you reuse it, because
attackers hack badly secured sites/databases - this is in no way surprising, but
it's "new" to non-tech-savvy people.
constantly or periodically changing your master
On 2015-12-20, at 4:33 AM, Brian Hankey wrote:
> Let me make sure that I have been clear about what I propose,
Thank you. I may very well have entirely misunderstood what your system did, as
reading a bunch of PHP and JavaScript embedded within some HTML really
communicate
Hi,
I am curious to get some feedback from you about a little thought
experiment/hobby project I’ve been working on with some of my coworkers and
have a very early prototype of the concept.
The question we are trying to answer here is how could we all have ultra strong
passwords i.e.
Hi Florian,
Thanks for your input. Greatly appreciate the long response. I will respond
point by point here.
>
> welcome to the fight against weak passwords! It's always great to have people
> joining the security side of the battle, but be assured: it'll be a lot of
> tough work getting
> The question we are trying to answer here is how could we all have ultra
> strong passwords i.e. “!3AbDEE9eE45DCea” that are unique for each and
> every website, email, social media, etc. service that we use but without
> having to trust any third parties to store them for us protected by