Recently there has been a renewed discussion about password security. The latest surge of interest was caused by a comment from Microsoft's Jesper Johansson, who recommended that people actually write down their various passwords. I think there might be a better way, though.
We all require a large number of passwords on a daily basis, and for obvious reasons are not supposed to use the same password for everything. Therefore, we need to remember a large number of strong passwords.
Writing passwords on a piece of paper has long been frowned upon, and many corporate security policies explicitly prohibit this practice. But according to Mr. Johansson, it is better to have complex and strong passwords than simple and weak ones. Since complex and secure passwords are normally difficult to remember, people need to write them down. If we prohibit people from writing such passwords down, they will not use them and will revert to simple ones. And simple passwords are vulnerable to dictionary attacks. In his latest blog entry, even Bruce Schneier chimes in with support for this idea. He recommends we keep this list of passwords in our wallet.
This makes the wallet a single point of failure, of course. Personally, I think the situation can be improved, without using paper.
I use unique passwords for all sites and accounts, and yet I never need to write them down, and I don't even need to remember them. All I remember is a hash function. When I need to log in somewhere, I take the name of the site I am logging in to, apply my hash function and get a unique identifier, which I use as a password.
Here is an example to illustrate this:
Let's say you are a PayPal user, and want to log into your account. The name of the site is 'paypal.com'. Let's take an extremely simple hash function as an example:
Take the site-name, extract the first, last and middle letter, count the number of letters in the name, capitalize the last letter if the number is even, and append that to a special filler string "rD7eI".
'paypal.com' consists of 10 characters, with the middle (in integer arithmetic) being 5. So, the three letters are 'p', 'a', and 'm'. The overall number of characters is even, and thus we capitalize the last letter: 'M'. What we get then for 'paypal.com' is this password: rD7eIpaM
Now this is pretty random-looking.
What did I have to remember to arrive at this password? My hash function, which may contain one or more of those random-looking filler strings. But that is all.
The secret is the hash function, and it is the only secret that needs to be remembered. To make this a secure system, though, the hash function should be a bit more complex. Otherwise, if one of your many passwords is compromised, an attacker may be able to reverse engineer your hash function. Realistically, this is only a risk if the attacker manages to compromise several of your passwords, though.
With a little bit of thought, it should be possible for most of us to come up with a personal hash function that produces very random-looking results.
Juergen Brendel
CTO
Esphion Ltd.
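The example scheme from the post, written out as an added illustration (not code from the original article), together with a check of what several exposed passwords reveal about it. The sample site names other than 'paypal.com' are constructed, and the treatment of odd-length names (middle = length // 2, counted from 1) is an assumption extended from the post's "integer arithmetic" remark.

```python
import os

FILLER = "rD7eI"  # filler string from the post's example


def toy_password(site: str, filler: str = FILLER) -> str:
    """Filler + first + middle + last letter of the site name; the last
    letter is capitalized when the name has an even number of characters."""
    n = len(site)
    if n == 0:
        raise ValueError("site name must not be empty")
    first = site[0]
    # The post takes position 5 (counting from 1) as the middle of 10 characters.
    middle = site[max(n // 2 - 1, 0)]
    last = site[-1].upper() if n % 2 == 0 else site[-1]
    return filler + first + middle + last


def leaked_structure(passwords):
    """What someone holding several of the passwords can read off directly:
    the shared prefix (the 'secret' filler) and the short per-site tails."""
    prefix = os.path.commonprefix(passwords)
    return prefix, [p[len(prefix):] for p in passwords]


def tail_matches_site(site: str, tail: str) -> bool:
    """True if the tail starts and ends with the site name's first and last
    letters, which is enough to guess how the tail was built."""
    return tail[0] == site[0] and tail[-1].lower() == site[-1].lower()


if __name__ == "__main__":
    sites = ["paypal.com", "example.org", "mail.example"]  # constructed sample
    passwords = [toy_password(s) for s in sites]
    for s, p in zip(sites, passwords):
        print(f"{s:15} -> {p}")
    prefix, tails = leaked_structure(passwords)
    print("shared prefix:", prefix, "| tails:", tails)
    print("tails explained by site names:",
          all(tail_matches_site(s, t) for s, t in zip(sites, tails)))
    # Different sites can collapse to the same password, i.e. silent reuse.
    print("collision:", toy_password("pandas.com") == toy_password("paypal.com"))
```

With only three site-dependent characters per password, the filler carries nearly all of the strength, and it is identical in every password the function produces.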
Good idea. Hopefully some more sites will use hash functions to allow joe user to just print out a matrix that passwords can be generated from.
Posted by: PassGen | November 21, 2005 at 04:45 PM