
Nitpick: This is not unbreakable crypto. This is more of a more secure key storage mechanism. Perhaps also a good defense against phishing attacks.

And it's not unbreakable. For starters, this system absolutely requires that the passwords be stored in the clear.



What about encrypting your 'secret' password with a normal password? So you get assigned this 30-character password, which you learn. Then you use a normal password (like 'password123' :) ) to encrypt that string. Then when you need to log on, you first type in your normal password to decrypt your 'secret' password, which is then used to authenticate you further. I know, sounds ridiculous, just thinking out loud.

edit: yes, I know, encrypting the key with another string makes it just that tiny little bit secure, technically it's still plain text...


It sounds ridiculous for a reason. The weakest link in that chain is still the low-entropy password.


It's not even that. You can't store a key with this device because for the authentication game to work, the system has to have the password.


True.

So it's not unbreakable, nor is it crypto. I'm not sure if it's anything, really.


Hype.



