[Clips] Escaping Password Purgatory

Jerrold Leichter jerrold.leichter at smarts.com
Thu Aug 4 16:28:57 EDT 2005


| > Computer Hardware Software
| > Escaping Password Purgatory
| > David M. Ewalt,  08.03.05, 3:00 PM ET
| >
| > ... "I think I have passwords for
| > over 47 different applications both internal and external that I access,
| > and I've acquired those IDs and passwords over several years," says Wayne
| > Grimes, manager of customer care operations for the U.S. Postal Service.
| 
| Try Site Password, 
| <http://www.hpl.hp.com/personal/Alan_Karp/site_password/>.  It takes a 
| "good" master password, and a site name, and hashes them together to produce 
| a site-specific password.
| 
Hmm.  I came up with the same idea a while back - though with a different 
constraint:  I think it's reasonable to trade off the one-wayness of the
hash for the ability to work out the password with pencil and paper when
necessary.  Various classic pencil-and-paper encryption systems can be bent
to this purpose.  Since the volume of data "encrypted" is very small and it's
hard for an attacker to get his hands on more than tiny samples - a given
web site only sees its own password - you don't need much strength to give a
reasonable degree of protection.
							-- Jerry
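
An added example, not part of the original message and not Site Password's or the poster's actual scheme: it puts a one-way derivation of a site-specific password beside a pencil-and-paper one to show what giving up one-wayness means. Assumptions: PBKDF2-HMAC-SHA256 stands in for the hash, a Vigenère cipher stands in for the unnamed "classic pencil-and-paper" system, and the function names, master password and site name are constructed.

```python
import base64
import hashlib
import string

ALPHABET = string.ascii_lowercase


def hashed_site_password(master: str, site: str, length: int = 12) -> str:
    """One-way: a slow keyed hash of the site name (assumed construction)."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", master.encode(), site.lower().encode(), 200_000
    )
    # Base32 keeps the output typeable; truncate to the requested length.
    return base64.b32encode(digest).decode().lower()[:length]


def _letters(text: str) -> list[int]:
    """Map a string to alphabet indices, dropping anything that is not a-z."""
    return [ALPHABET.index(c) for c in text.lower() if c in ALPHABET]


def paper_site_password(master: str, site: str, length: int = 10) -> str:
    """Pencil-and-paper: Vigenere-encrypt the site name under the master key."""
    key, text = _letters(master), _letters(site)
    if not key or not text:
        raise ValueError("master and site must each contain a letter")
    return "".join(
        ALPHABET[(text[i % len(text)] + key[i % len(key)]) % 26]
        for i in range(length)
    )


def key_stream_seen_by_site(site: str, password: str) -> str:
    """The cost of invertibility: site name + password yield the key letters."""
    text = _letters(site)
    return "".join(
        ALPHABET[(ALPHABET.index(p) - text[i % len(text)]) % 26]
        for i, p in enumerate(password)
    )


if __name__ == "__main__":
    master, site = "lemon", "example.com"  # constructed sample values
    print("hashed:", hashed_site_password(master, site))
    paper = paper_site_password(master, site)
    print("paper :", paper)
    print("key letters recoverable from the paper variant:",
          key_stream_seen_by_site(site, paper))
```
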

---------------------------------------------------------------------
The Cryptography Mailing List