One more thing- can you send me some links for any of these you can think of
off the top of your head?
Thanks.
> On Dec 30, 2015, at 9:24 AM, Jeffrey Goldberg wrote:
>
> And that includes versions of your scheme that are far superior to what you
> have actually worked out.
signature.asc
D
Hi Jeffrey,
I will try to make this one much shorter. I just have a couple more questions
and comments.
I guess what I still don’t get is why my passwords if exposed in plain text
would jump out as having been generated by any one particular system or
another, particularly if someone could on
On Dec 23, 2015, at 2:18 AM, Brian Hankey wrote:
>
> I sent a long winded reply that has been stuck in moderation for a couple of
> days
I believe that this is because your are sending email with a text/html part.
Most mailing lists will reject such things.
>> Ah, so you want the user to reme
On Mon, Dec 21, 2015 at 10:39 AM, Brian Hankey wrote:
>
>> From: Givon Zirkind
>>
>> On 12/20/2015 2:14 AM, Jeffrey Goldberg wrote:
>>> The problem you address is certainly real. And a lot of people have
>>> looked at various approaches over the decades. None, so far, is fully
>>> satisfactory. (
>>
>> This, and things like
>>
>>
>> @inproceedings{BonneauSchechter2014:USENIX,
>> Address = {San Diego, CA},
>> Author = {Bonneau, Joseph and Schechter, Stuart},
>> Booktitle = {23rd USENIX Security Symposium (USENIX Security 14)},
>> Month = Aug,
>> Pages = {607--62
On 2015-12-20, at 4:33 AM, Brian Hankey wrote:
> Let me make sure that I have been clear about what I propose,
Thank you. I may very well have entirely misunderstood what your system did, as
reading a bunch of PHP and JavaScript embedded within some HTML really
communicate things clearly.
>
On 12/18/2015 6:35 PM, Ondrej Mikle wrote:
1) No matter how strong your password is, it will leak if you reuse it, because
attackers hack badly secured sites/databases - this is in no way surprising, but
it's "new" to non-tech-savvy people.
constantly or periodically changing your master password
how does the following method address the issues of thsi problem?
password = E((long-term-secret, site-name, F[password]))
F[]=one of those programs that tries to ensure a strong password, by
rejecting weak passwords
1. passwords are not "generated". they are thought up, by a person.
but,
On 12/20/2015 2:14 AM, Jeffrey Goldberg wrote:
The problem you address is certainly real. And a lot of people have
looked at various approaches over the decades. None, so far, is fully
satisfactory. (I obviously believe that a well designed password
manager is the best solution for most people
>
> Peter Gutmann's Security Engineering
> (https://www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf) has a good
> treatment of Passwords in general. See Chapter 7 on page 563.
>
Thank you will read.
> John Stevens of OWASP performed threat modelling of passwords in
> storage on the server. See Sec
Perhaps I shouldn’t comment as I work for a company that makes a password
manager, and so a critique of your scheme might involve a conflict of interest.
But with that disclosure in mind, I will go ahead.
On 2015-12-18, at 8:27 AM, Brian Hankey wrote:
>
> The question we are trying to answer
On 12/18/2015 03:27 PM, Brian Hankey wrote:
> The question we are trying to answer here is how could we all have ultra
> strong
> passwords i.e. “!3AbDEE9eE45DCea” that are you unique for each and every
> website, email, social media, etc. service that we use but without having to
> trust any thir
> The question we are trying to answer here is how could we all have ultra
> strong passwords i.e. “!3AbDEE9eE45DCea” that are you unique for each and
> every website, email, social media, etc. service that we use but without
> having to trust any third parties to store them for us protected by sin
www.dashlane.com
On 12/18/2015 9:27 AM, Brian Hankey wrote:
Hi,
I am curious to get some feedback from you about a little thought
experiment/hobby project I’ve been working on with some of my
coworkers and have a _/*very*/_ early prototype of the concept.
The question we are trying to answe
Hi Florian,
Thanks for your input. Greatly appreciate the long response. I will respond
point by point here.
>
> welcome to the fight against weak passwords! It's always great to have people
> joining the security side of the battle, but be assured: it'll be a lot of
> tough work getting pe
Hi,
I am curious to get some feedback from you about a little thought
experiment/hobby project I’ve been working on with some of my coworkers and
have a very early prototype of the concept.
The question we are trying to answer here is how could we all have ultra strong
passwords i.e. “!3AbDEE9
16 matches
Mail list logo