Worm/Passwords

[Eirik Fuller]

In article <231 at twwells.uucp> bill at twwells.UUCP (T. William Wells) writes:
) ...
) 
) 			   I was just addressing a valid objection
) raised elsewhere about password generators.  The travesty program has
) the benefit of augmenting its random generator with additional data
) that the crasher has to get to before he can crack the password.
) 
) This eliminates the problem with a crasher simply running a generator
) program through all its possible states.

Yes, it means he has to guess the meta-password too :-)

If he knows the algorithm for the meta-password, do you choose a
meta-meta-password?  How many levels are enough?

If there is no algorithm for the meta-password, it probably comes from
the usual password mechanism, but once the mpw is guessed it gives
uniform (if slow) access to all the passwords.  Of course there might
not be a good test for correctness of guesses for the meta-password ...

Then again, I might just be babbling.  My own preference for passwords
is to change the algorithm every time I change my password.  The set of
mappings from meaningful scraps of information into eight character
gibberish is limited only by imagination, and in a creative, careful
community there will be as many of them as there are accounts.

The real problem with generated passwords is remembering them, not
guessing them.