| 1 |
On 2012-01-11 4:51 PM, Alan McKinnon <alan.mckinnon@×××××.com> wrote: |
| 2 |
> The site doesn't say much. It has one page, no internal links (quite a |
| 3 |
> few external ones) and a single link to an image. |
| 4 |
|
| 5 |
Weird... the wiki tree is gone... there are a *ton* of pages there, I'll |
| 6 |
have to poke the maintainers... maybe they were updating mediawiki and |
| 7 |
broke something... |
| 8 |
|
| 9 |
> But still, one can infer some of the methods of operation. There's a |
| 10 |
> master password and a few bits of easily guessable[1] entropy in the |
| 11 |
> additional data the user can configure. |
| 12 |
> |
| 13 |
> It has one weakness that reduces it back to the same password being |
| 14 |
> re-used. And that is that there is a single master password. |
| 15 |
|
| 16 |
Like I said, you can use more than one. The trick is remembering which |
| 17 |
one you used with which accounts. I use different Master Passwords for |
| 18 |
different Account Groups. |
| 19 |
|
| 20 |
> An attacker would simply need to acquire that using various |
| 21 |
> nefarious means (shoulder surfing, social engineering, hosepipe |
| 22 |
> decryption) and suddenly you are wide open[2]. |
| 23 |
|
| 24 |
That is true for *any* password scheme... but there are simple ways to |
| 25 |
mitigate the risks... |
| 26 |
|
| 27 |
1. Use multiple Master Passwords... |
| 28 |
2. Change the character set used (I always do this) |
| 29 |
3. Add additional character modifications to each password (figure out |
| 30 |
one way that you can easily remember and do it the same for each |
| 31 |
password) |
| 32 |
4. |
| 33 |
|
| 34 |
> I don't see that it increases cryptographic security by very much (it |
| 35 |
> does by a little) |
| 36 |
|
| 37 |
Actually, it does, and once the site is back up I'll post here and you |
| 38 |
can go read all about it... |
Archives