Comments on: Perfect Passwords – with ease http://blog.pembi.net WARNING: May contain nuts. Wed, 11 Jan 2012 07:04:47 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Ken http://blog.pembi.net/essentials/essential-security/pembis-perfect-passwords/comment-page-1#comment-35 Ken Tue, 12 Jan 2010 16:35:47 +0000 http://blog.pembi.net/?page_id=628#comment-35 Let me know if you have any further thoughts once you've used it a bit? All feedback welcome! Let me know if you have any further thoughts once you’ve used it a bit? All feedback welcome!

]]> By: thingomy.livejournal.com/ http://blog.pembi.net/essentials/essential-security/pembis-perfect-passwords/comment-page-1#comment-34 thingomy.livejournal.com/ Sat, 09 Jan 2010 11:23:02 +0000 http://blog.pembi.net/?page_id=628#comment-34 (note that I haven't installed it -- I've just looked at this page and the firefox addon page so far ...) You may want to mention the web version and the other systems on the firefox page. BTW, having studied theoretical computer science, the concepts discussed above seem very strong indeed. The only weakness that I can see is in the key ("general-purpose password and secret-number") If a cracker knows you are using this system, they could use that to run a dictionary or other brute force attack on the key entered this would be only slightly harder than doing it for a normal password. They could also set up a fraudulent site, and use your password there to run an off-line dictionary attack and discover your key. As long as ONE of the following is true you are safe however: you use a secure key with sufficient entropy; noone knows or suspects that you use this system; noone is determined enough to jump through the extra couple of hoops just to attack you and other users of this system. Definitely an interesting solution to what is a really tricky problem. (note that I haven’t installed it — I’ve just looked at this page and the firefox addon page so far …)

You may want to mention the web version and the other systems on the firefox page.

BTW, having studied theoretical computer science, the concepts discussed above seem very strong indeed. The only weakness that I can see is in the key (“general-purpose password and secret-number”)

If a cracker knows you are using this system, they could use that to run a dictionary or other brute force attack on the key entered this would be only slightly harder than doing it for a normal password. They could also set up a fraudulent site, and use your password there to run an off-line dictionary attack and discover your key.

As long as ONE of the following is true you are safe however: you use a secure key with sufficient entropy; noone knows or suspects that you use this system; noone is determined enough to jump through the extra couple of hoops just to attack you and other users of this system.

Definitely an interesting solution to what is a really tricky problem.

]]>