On 2012-01-11 4:51 PM, Alan McKinnon <alan.mckin...@gmail.com> wrote:
> The site doesn't say much. It has one page, no internal links (quite a
> few external ones) and a single link to an image.

Weird... the wiki tree is gone... there are a *ton* of pages there, I'll have to poke the maintainers... maybe they were updating mediawiki and broke something...

> But still, one can infer some of the methods of operation. There's a
> master password and a few bits of easily guessable[1] entropy in the
> additional data the user can configure.

> It has one weakness that reduces it back to the same password being
> re-used. And that is that there is a single master password.

Like I said, you can use more than one. The trick is remembering which one you used with which accounts. I use different Master Passwords for different Account Groups.

> An attacker would simply need to acquire that using various
> nefarious means (shoulder surfing, social engineering, hosepipe
> decryption) and suddenly you are wide open[2].

That is true for *any* password scheme... but there are simple ways to mitigate the risks...

1. Use multiple Master Passwords...
2. Change the character set used (I always do this)
3. Add additional character modifications to each password (figure out
   one way that you can easily remember and do it the same for each
   password)
4.

> I don't see that it increases cryptographic security by very much (it
> does by a little)

Actually, it does, and once the site is back up I'll post here and you can go read all about it...
