Re: Password scrambler program
- From: yarrkov@xxxxxxxxx
- Date: Fri, 14 Mar 2008 04:30:22 -0700 (PDT)
On 12 Mar, 16:01, David Eather <eat...@xxxxxxxxxx> wrote:
Yes. But from my impression (the URL for the program itself seems to
be dead so I can't check), this program asks for the "salt" when you
run it, as in Tim Smith's method. If you get to view it locally, you
might as well grab, for example, the keys from disk encryption
software as it's running. I don't consider that a very noteworthy
attack.
This is possibly a worthwhile time to recap some basics - if it's talking
down to you, please know that was not my intention.
Cryptography is about (et al) protecting information from powerful and
motivated adversaries. No one is helped or interested in cryptography
that only protects against uninterested and unfunded passers-by.
Cryptography, as much as is possible, resists attacks and attackers who
will spend time and money trying to break the system, who don't do the
expected and don't play by the rules. Analysis in this very adversarial
environment is harsh but criticisms are not generally personal attacks.
Software might be crap, useless or failed but this is not a comment on
your character or the character of the writer. Some recent examples
to note would be the ciphers "Magenta" by Deutsche Telekom and "MacGuffin"
by Schneier and Blaze. Both ciphers were broken at the first
cryptographic conference they were presented at. The two sets of
"parents" of these failed systems were an experienced team of engineers
who had invested heavily in the technology, and a pair of highly (and
still highly) respected cryptographers. I am sure they did not enjoy
watching their "children" being dismembered, but they knew the
criticisms were not about them.
The software "du jour" is intended to make passwords for the internet
more secure. It fails in this goal because it does not protect from
attacks by "insiders". True, this is not a very glamorous or
sophisticated attack but it is noteworthy as the continual number one
danger to businesses, banks and computer users of all types. The
software fails at the very first hurdle. KG suggested you use "password
safe" which is free. This program protects you from other people who
may have access to your computer (legitimate or otherwise) by generating
them for you with a secure random number generator and protecting those
passwords with encryption relying on you needing to remember only one,
hopefully better, password and adding to the protection with password
stretching.
Then our opinions shall differ about this.