// incompleteness of completeness, additional oddity... if considering [password] as a bit-set instead of linear string, such that [p|a|s|s|w|o|r|d] could itself be variable, per bit, ex. [pass|word|1234|bluegreen] then, if a password service used this principle, instead of requiring just 8-12 alphanumerics plus allowed special characters as the basis for /security/, instead what if it was 3-4 sets instead, themselves having special rules... [set1|set2|set3|set4] in this way, a 'rolling password' could be developed in that the sequence could be arbitrary or change, given the instance or interaction, which may or may not include changing variables (months till b-day, temperature in zipcode, etc) in other words: [password] ---> [pass][wo][r][ds] whereby, via its continual dynamic state, could exist in multiple versions by default, and then have this managed between client/server [1][2][3][4] ---> [2][4][1][3] [pass]-[wo]-[r]-[ds] ---> [wo]-[ds]-[pass]-[r] this could extend into sequences of not only alphanumerics through also icons (picked amongst many on the server, thus creating more unknowns), say choose 1 of available 20 icons, which is not included in stored password, nor its place in sequence knowable to attacker... [pass][icon13][wo][r][ds] ---> [icon13][wo][ds][pass][r] thus a changing string made up of subsets rearranged that may even have non-stored variables [#], icons or other approach [3b]-[alphanum1a]-[5e]-[32^F]-[4d]-[icon]-[2c] [2c]-[3b]-[alphanum1a]-[4d]-[icon]-[67^F]-[5e] then the probabilities and computation is upped exponentially even if accessing some part of the correct code, which may not be reliably reused, seemingly the more subsets, more security from an initial attack-- thus even if one instance of passwords were found, they could be changed or even transformed into another set and detach from those lost, locking out else deactivating the previous versions. a lot could seemingly be done with this though a secure environment would be required which seems difficult to guarantee if not allow for sake of someone elses interests, known & unknown 𝓶 𝟡 𝑤
participants (1)
-
brian carroll