I was thinking recently about password security. My goal is to have mostly random passwords, that are different for each site. But you also should be able to remember them (or re-generate them) without the help of any notes or the like. If I use really random passwords (generated by a password-generator), I can remember only a few. Many fewer than the number of web accounts I have. Simpler passwords often are easier to guess.

I thought that a compromise might be some easy to learn rules and some secret master-password, to generate a password from the name of the site. Say you have a password for ebay and amazon. This method should generate two different passwords, for 'ebay' and 'amazon'. But I should also be able to do the process in my head, without support from software or even paper and pencil. Commonly used passwords I will remember directly. But ones seldom used, and forgotten, could be reconstructed with such a method. Does anyone know about such a method?

EDIT: The thing I ask for should improve security, by making different passwords for each site/machine/program, but also keep all of them memorable. A password-safe is nice, but you are even more likely to forget the site passwords, and if you lose your store or it is damaged you have a problem. And in the end, my local password-safe is not at hand, if I'm at the machine of a friend. Also ALL the passwords can be compromised at once!

Here's a new, hopefully better, brainstorm. Generate two good tough random passwords that you commit to memory. Take the letters of the site name in sequence. If the letter is a vowel, use the corresponding letter from the first password. Else, if it's a consonant, use the corresponding letter from the second password. E.g. suppose your passwords are (from apg) hicIrfyic9 and FritwoivAuv0. For the site stackexchange, the first two letters are a consonant, so you use the "Fr" from the second password. Next is a vowel, so you use "c" from the first password. If you really are worried about someone finding several of your passwords and figuring out the pattern, you could add some method to rotate each of the passwords circularly first or something, or shift them through the alphabet, or whatever, but it is easily possible to get too paranoid and confused. You would be able to code this up on your regular machines for convenience, having it prompt you for the underlying passwords, but still be able to use it on kiosks, more slowly, from memory. I'm not convinced this general idea is worth the hassle, but perhaps for some circumstances.

If you just want different passwords for the various sites, then just append the site name to a common "base" password. You remember the base "7g93hrew9" and then your passwords will be 7g93hrew9ebay, 7g93hrew9amazon. This example is meant to show what you actually want: you do not want "different" passwords, you want passwords such that knowing several of them does not allow guessing the password for another site. Cryptographically, you want your password generator to be a pseudorandom function which takes as input the site name, and outputs the site-specific password. There is some empirical evidence that it is not feasible to build a PRF which a human can (reasonably) compute in his head.