A better way to think about passwords
mailinglisten at hauke-laging.de
Mon Apr 18 13:21:07 CEST 2011
On Monday 18 April 2011 12:53:12, Faramir wrote:
> Maybe we should just pick a "good password", hash it a couple of
> times, and use that hash as the real password... we could carry the
> hashing tool in a flash drive.
That does not make sense to me because you do not increase the key space by
that. If you try to defend against somebody who knows what you do then it is
My wish is to have a secure, small, cheap smartcard-like device which stores a
salt, takes a password and gives you a hash then. The salt makes this secure.
Your "password" can even be the name of the organization to which the account
belongs. "bank xy". Easy to remember and completely safe thus because the hash
is created over
And if you are asked to change the password, over
Such a device would also allow easy but secure CRAM logins – even by phone.
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
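An added sketch (not part of the original message and not GnuPG code) contrasting the two schemes in this exchange: hashing a password a few times with no secret input, versus a device-held salt that turns an easy label such as "bank xy" into the real password and can also answer a challenge. The `SaltDevice` class, PBKDF2-HMAC-SHA256, the iteration count, the 20-character truncation and the HMAC-SHA256 response format are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor, not from the message

def _encode(raw: bytes) -> str:
    """Shorten a digest to a typeable 20-character password."""
    return base64.b64encode(raw).decode()[:20]

def hash_a_few_times(password: str, rounds: int = 3) -> str:
    """Quoted proposal: no secret input, so knowing the method is enough."""
    digest = password.encode()
    for _ in range(rounds):
        digest = hashlib.sha256(digest).digest()
    return _encode(digest)

class SaltDevice:
    """Hypothetical stand-in for the device: the salt never leaves it."""

    def __init__(self, salt=None):
        self._salt = salt if salt is not None else secrets.token_bytes(32)

    def site_password(self, label: str) -> str:
        raw = hashlib.pbkdf2_hmac("sha256", label.encode(), self._salt, ITERATIONS)
        return _encode(raw)

    def cram_response(self, label: str, challenge: bytes) -> str:
        """Answer a server challenge without sending the password itself."""
        key = self.site_password(label).encode()
        return hmac.new(key, challenge, hashlib.sha256).hexdigest()

def server_verify(stored_password: str, challenge: bytes, response: str) -> bool:
    expected = hmac.new(stored_password.encode(), challenge, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, response)

if __name__ == "__main__":
    owner, other = SaltDevice(), SaltDevice()  # same method, different salts
    print("unsalted:", hash_a_few_times("bank xy"))
    print("owner   :", owner.site_password("bank xy"))
    print("other   :", other.site_password("bank xy"))
    nonce = secrets.token_bytes(16)
    reply = owner.cram_response("bank xy", nonce)
    print("CRAM ok :", server_verify(owner.site_password("bank xy"), nonce, reply))
```

As with any challenge-response scheme of this kind, the verifying side has to hold the shared secret in order to recompute the response.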