The world's most secure password for websites, games and private data.
Sampo Syreeni
decoy at iki.fi
Thu Jun 22 22:25:01 PDT 2017
The one password they could never divine is \epsilon\epsilon. Two empty
strings in a row.

Now I can see how some of you might object that it's then just one empty
string in whole. I disagree: whoever told you passwords have to obey
normal monoidal string axioms? Quite certainly arbitrary amounts of
non-visible, un-greppable, in-representable void between and on
characters *will* prove an un-stoppable counter-measure.

https://xkcd.com/936/

Truth be told, every *nix installation really should have available 1) a
commonly available dictionary, 2) a true/hard randomness source (don't
go there), 3) an easily usable means of combining your own off-the-cuff
source of randomness with whatever you get from your hardware, 4) a
cryptographically speaking hard mixing function, and 5) a stupid-as-fuck
freeware utility to fold all of that into an XKCD-hard password.
Preferably the lot residing in its hard parts on your Android device's
tamper-resistant whatchamathinga, with open interfaces and a dozen or
so independent implementations of each part.

Of course you can attack something like that. Duh. But compared to what
we have now, it'd be a total hoot.
--
Sampo Syreeni, aka decoy - decoy at iki.fi, http://decoy.iki.fi/front
+358-40-3255353, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2
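
An added sketch of the five-part utility the message describes (not code from the post or its author): it mixes OS randomness with user-supplied bytes through HMAC-SHA256, chosen here as the mixing function, and draws dictionary words without modulo bias. The word list, the label string and all function names are constructed for illustration.

```python
import hashlib, hmac, math, os

# Constructed sample list; a real run would load a large dictionary such as
# /usr/share/dict/words (that path is an assumption about the system).
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "cypher", "punk",
                "void", "monoid", "entropy", "dice", "kernel", "decoy"]

def mix_seed(hw_random: bytes, user_random: bytes) -> bytes:
    """Mix both sources with keyed HMAC-SHA256; the length prefix keeps pairs unambiguous."""
    msg = len(hw_random).to_bytes(4, "big") + hw_random + user_random
    return hmac.new(b"xkcd-passphrase-v1", msg, hashlib.sha256).digest()

def stream(seed: bytes):
    """Expand the seed into an endless byte stream (HMAC in counter mode)."""
    counter = 0
    while True:
        yield from hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1

def pick_index(byte_iter, n: int) -> int:
    """Unbiased index in [0, n) via rejection sampling, so no modulo bias."""
    bits = (n - 1).bit_length()
    nbytes = (bits + 7) // 8
    while True:
        raw = bytes(next(byte_iter) for _ in range(nbytes))
        value = int.from_bytes(raw, "big") & ((1 << bits) - 1)
        if value < n:
            return value

def passphrase(words, count, user_random: bytes, hw_random: bytes = None):
    """Return (phrase, estimated entropy in bits) for `count` words."""
    words = sorted(set(words))  # dedupe so the entropy estimate is honest
    if len(words) < 2:
        raise ValueError("need at least two distinct words")
    # os.urandom stands in for the hardware source; pass hw_random to override.
    hw = os.urandom(32) if hw_random is None else hw_random
    s = stream(mix_seed(hw, user_random))
    chosen = [words[pick_index(s, len(words))] for _ in range(count)]
    return " ".join(chosen), count * math.log2(len(words))

if __name__ == "__main__":
    phrase, bits = passphrase(SAMPLE_WORDS, 4, b"keyboard mashing goes here")
    print(phrase, f"(~{bits:.1f} bits with this tiny sample list)")
```

With a 12-word list four words give only about 14 bits; the estimate scales with log2 of the dictionary size, which is why the dictionary is item 1 on the list above.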