passwords! (p6)

brian carroll electromagnetize@gmail.com
Fri Nov 15 19:29:14 PST 2013


additional layers of transformation could also be included

that use symmetries or other calculus-like transformations.


consider the previous example...


  [1][2][3][4]  --->  [2][4][1][3]


now consider if within each subset additional characteristics

could be modified, such that set 2 is mirrored vertically

by the letters that obey these principles... and set 1 has its

letters in reverse... and sets 3 and 4 are rotated 180 degrees


  [pass]-[wo]-[r]-[ds]   --->   [mo]-[sp]-[ssap]-[J]


and that this could also be dynamic and change, for a given

instantiation of the base password as it is mediated for login,

as an ever-changing password with its own variability which

could change daily given, say, a range of 30 such criteria

that may or may not be accessible in various combinations


then rulesets would be important, what if some letters can be

transformed and others cannot, are substitutions chosen or

are only some characters changed, or how to deal with a

character with multiple options for superposition translation


this kind of exponential potential for passwords in a context

where the simple model is so simple to allow easy hacking,

what if systems were designed to be significantly more difficult

to access and that /time/ was leveraged to limit unauthorized

access and to limit, via relativism, what can be seen in a given

threshold or timeframe, to potentially make it impossible for

automated attacks of logins via brute-force via zombie-nets,

by making the odds more the opposite of what they are today,

given access, enough time and dictionaries, versus limiting

the exploitable window, limiting the time frame, and use of

dictionaries via increased variability that is never static, and

thus each login could tend more towards 1 in a million guess,

by chance, and have that be the repeated situation encountered

at login, versus allowing 10 million attempts to gain illegal access


it just seems common sense that perhaps it is made to be broken

and that without such introducing or allowing parameters of such

increased difficulty, that perhaps it is the design of the ecosystem itself

versus its merit in terms of 'actual security' versus what is allowable,

thus making the password issue itself that of a false perspective,

as if 8-12 alphanumerics w/special characters is maxing out possibilities

when instead limiting the questions to those parameters may force

another approach prematurely, which could be even worse, policy-wise


😺 😶 😈
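
The segment example above, worked through in Python as an added illustration that is not part of the original message. The glyph tables are assumptions beyond the pairs the example itself implies (w->m, o->o, d->p, s->s, r->J), and leaving a character with no listed counterpart unchanged is one assumed answer to the ruleset question.

```python
# Added illustration, not code from the original post.
# Glyph tables are assumptions except for the pairs implied by the post's
# example: w->m and o->o (vertical mirror); d->p, s->s, r->J (180 rotation).
MIRROR_V = {"w": "m", "m": "w", "o": "o", "b": "p", "p": "b", "d": "q", "q": "d"}
ROTATE_180 = {"d": "p", "p": "d", "s": "s", "o": "o", "r": "J", "J": "r",
              "b": "q", "q": "b", "n": "u", "u": "n"}


def mirror_vertical(seg):
    # Flip each glyph top-to-bottom; order of letters is kept.
    # Assumed rule: a character with no counterpart passes through unchanged.
    return "".join(MIRROR_V.get(c, c) for c in seg)


def reverse(seg):
    # Letters in reverse order, glyphs untouched.
    return seg[::-1]


def rotate_180(seg):
    # Turning a segment half a turn reverses its order and rotates each glyph.
    return "".join(ROTATE_180.get(c, c) for c in reversed(seg))


def transform(segments, order, ops):
    # order: 1-based set numbers in output order, e.g. [2, 4, 1, 3].
    # ops:   set number -> per-set transformation; missing sets are left as-is.
    return [ops.get(n, lambda s: s)(segments[n - 1]) for n in order]


def untransformable(seg, table):
    # Characters the chosen table cannot change: the ruleset has to say
    # whether these are kept, substituted, or make the rule unavailable.
    return [c for c in seg if c not in table]


SEGMENTS = ["pass", "wo", "r", "ds"]          # the post's split of "passwords"
ORDER = [2, 4, 1, 3]                          # [1][2][3][4] ---> [2][4][1][3]
OPS = {1: reverse, 2: mirror_vertical, 3: rotate_180, 4: rotate_180}

if __name__ == "__main__":
    print("-".join("[%s]" % s for s in transform(SEGMENTS, ORDER, OPS)))
    print(untransformable("pass", MIRROR_V))
```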