| > Computer Hardware Software | > Escaping Password Purgatory | > David M. Ewalt, 08.03.05, 3:00 PM ET | > | > ... "I think I have passwords for | > over 47 different applications both internal and external that I access, | > and I've acquired those IDs and passwords over several years," says Wayne | > Grimes, manager of customer care operations for the U.S. Postal Service. | | Try Site Password, | <http://www.hpl.hp.com/personal/Alan_Karp/site_password/>. It takes a | "good" master password, and a site name, and hashes them together to produce | a site-specific password. | Hmm. I came up with the same idea a while back - though with a different constraint: I think it's reasonable to trade off the one-wayness of the hash for the ability to work out the password with pencil and paper when necessary. Various classic pencil-and-paper encryption systems can be bent to this purpose. Since the volume of data "encrypted" is very small and it's hard for an attacker to get his hands on more than tiny samples - a given web site only sees its own password - you don't need much strength to give a reasonable degree of protection. -- Jerry
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]