On Mon, Apr 25, 2011 at 01:15:18PM -0600, Nicholas Leippe wrote: > Correct me if I'm wrong, but if your passwordcard is stolen it yields > a rather small dictionary for an attack on your accounts. > Better than plain text, but still not very secure--enough so that I'm > not sure it's worth it.
Explain how you would perform the dictionary attack, given the following
criteria:
1. Your password can be any length.
2. Your password can start anywhere on the card.
3. Your password can take any directional path, be it diagonal,
stright, spiral, or some other weirdness.
If my wallet is lost, or an attacker gains access to the card, I'm not
concerned about my accounts being compromised:
1. The attacker will have to successfully know the password.
2. The attacker will then have to map that password to the right
account.
Knowing that I use a different password for every account I have (thus the
reason for the card), I'm not going to lose any sleep over it. If the card
is no longer in my possession, I'll just reprint the card, and move on with
my life.
--
. o . o . o . . o o . . . o .
. . o . o o o . o . o o . . o
o o o . o . . o o o o . o o o
signature.asc
Description: Digital signature
/* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
