Comments on Ben's Journal: It's all in your head: Adventures in Generating Site Specific Passwords
Blog author: Ben Simon (http://www.blogger.com/profile/09833753747177544979)
Comments feed last updated 2024-03-18T03:44:29-04:00

Phil (https://www.blogger.com/profile/11936034693953650339), 2014-09-29T16:23:24-04:00:

Thanks again for mentioning my blog.

There are some problems with your suggestion. First, each web site has rules about what passwords are acceptable (mix of upper and lower case, digits, punctuation, length), so a one-size-fits-all approach probably won't work. Second, sometimes you have to change passwords (expiration rules, passwords get hacked and everybody has to change). Third, as you mention, where do you store the keys, and how do you keep them synced between different machines (your phone, your laptop)?

Although I am intrigued by Blum's algorithm, as you are, the problem is that it's an algorithm, not a solution. Bruce Schneier has the best answer. You have spent your life developing a procedure to keep small bits of paper secure -- money in your wallet (and debit/credit cards, nowadays). So the default password storage method is to write down your password and put it in your wallet. Anything else you propose has to be better than that to be considered.

If that's not good enough for you, look at http://www.passwordcard.org/en, which is an alternative somewhere between Blum and Schneier.

Ben Simon (https://www.blogger.com/profile/09833753747177544979), 2014-09-29T21:59:07-04:00:

> There are some problems with your suggestion ...

All fair points.

> Although I am intrigued by Blum's algorithm, as you are, the problem is that it's an algorithm, not a solution. ...

Yeah, it's entertaining and a novel approach.

> So the default password storage method is to write down your password and put it in your wallet. Anything else you propose has to be better than that to be considered.

I'm not sure I completely buy Bruce's logic (credit cards are kept in wallets, but are far from secure), but I do think he's probably right: no matter where you store the information, it's vulnerable (and if you don't store it, it can be forgotten). A paper notepad is reliable, and safer than cloud storage, a thumb drive or carrying the data on a mobile phone. (But of course, you can lose the notebook...)

Still, it's an interesting problem and one that's fun to mull over.

Thanks for the info!