On Wed, 11 Jan 2012 17:05:28 -0500 Tanstaafl <tansta...@libertytrek.org> wrote:
> On 2012-01-11 4:51 PM, Alan McKinnon <alan.mckin...@gmail.com> wrote:
> > The site doesn't say much. It has one page, no internal links
> > (quite a few external ones) and a single link to an image.
>
> Weird... the wiki tree is gone... there are a *ton* of pages there,
> I'll have to poke the maintainers... maybe they were updating
> mediawiki and broke something...
>
> > But still, one can infer some of the methods of operation. There's a
> > master password and a few bits of easily guessable[1] entropy in the
> > additional data the user can configure.
> >
> > It has one weakness that reduces it back to the same password being
> > re-used. And that is that there is a single master password.
>
> Like I said, you can use more than one. The trick is remembering
> which one you used with which accounts. I use different Master
> Passwords for different Account Groups.
>
> > An attacker would simply need to acquire that using various
> > nefarious means (shoulder surfing, social engineering, hosepipe
> > decryption) and suddenly you are wide open[2].
>
> That is true for *any* password scheme... but there are simple ways
> to mitigate the risks...
>
> 1. Use multiple Master Passwords...
> 2. Change the character set used (I always do this)

I like this one :-) yes, I know it's really just security by obscurity
in disguise but I still like it. It's like anti-spam measures -
effective at first till the spammers catch on then you go find another
method. But in the interim you did have something workable to use

> 3. Add additional character modifications to each password (figure out
>    one way that you can easily remember and do it the same for each
>    password)
> 4.
>
> > I don't see that it increases cryptographic security by very much
> > (it does by a little)
>
> Actually, it does, and once the site is back up I'll post here and
> you can go read all about it...
>

-- 
Alan McKinnnon
alan.mckin...@gmail.com
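The trade-off argued in this thread, as an added example that is not part of the original message and not the code of the tool under discussion: a generic master-password scheme that derives each site password deterministically, used to show which accounts one disclosed master password exposes when masters are split per account group. The HMAC-SHA256 construction, the names `derive` and `exposed_accounts`, the character sets and the sample accounts are all assumptions made for illustration.

```python
import hashlib
import hmac
import string

# Assumed character sets: a default one and a user-customised one.
DEFAULT_CHARSET = string.ascii_letters + string.digits
ALT_CHARSET = string.ascii_lowercase + string.digits + "!@#$%^&*"

def derive(master, site, charset=DEFAULT_CHARSET, length=16):
    """Hypothetical derivation: HMAC-SHA256 keyed with the master password
    over the site name, with the output bytes mapped onto `charset`."""
    # Reject bytes at or above `limit` so every character is equally likely.
    limit = 256 - (256 % len(charset))
    out, counter = [], 0
    while len(out) < length:
        msg = f"{site}|{counter}".encode()
        block = hmac.new(master.encode(), msg, hashlib.sha256).digest()
        for b in block:
            if b < limit and len(out) < length:
                out.append(charset[b % len(charset)])
        counter += 1
    return "".join(out)

# Constructed sample data: site -> (master password used, character set used).
ACCOUNTS = {
    "bank.example":  ("master-A", DEFAULT_CHARSET),
    "forum.example": ("master-B", ALT_CHARSET),
    "shop.example":  ("master-B", DEFAULT_CHARSET),
}

def exposed_accounts(leaked_master, accounts):
    """Sites whose password can be regenerated from a disclosed master.
    The character set is treated as known: it is a setting, not a secret,
    so changing it does not stop someone who holds the master password."""
    exposed = []
    for site, (master, charset) in accounts.items():
        real = derive(master, site, charset)
        if hmac.compare_digest(derive(leaked_master, site, charset), real):
            exposed.append(site)
    return sorted(exposed)

if __name__ == "__main__":
    for m in ("master-A", "master-B"):
        print(m, "exposes", exposed_accounts(m, ACCOUNTS))
```

Splitting accounts across several master passwords limits what one disclosure exposes to that group, while the custom character set only changes how the same secret is rendered.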