Timeline for Is my developer's home-brew password security right or wrong, and why?
Current License: CC BY-SA 4.0
9 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| S Jul 9, 2020 at 9:53 | history | suggested | MC Emperor | CC BY-SA 4.0 | Corrected powers. |
| Jul 9, 2020 at 9:43 | review | Suggested edits | |||
| S Jul 9, 2020 at 9:53 | |||||
| Nov 24, 2015 at 14:53 | comment | added | monster | If by smart you mean people more knowledgeable about cryptography... | |
| Sep 12, 2014 at 20:31 | comment | added | supercat | @NathanLong: An important point about passwords/keys: if one suspects that one's secrets have been compromised, one can re-establish security easily and with confidence by e.g. rolling 25 transparent dice and using the values to generate a password or key (64+ bits of entropy); any die roll will be essentially as good as any other, provided only that the enemy doesn't find out what it was. | |
| Dec 18, 2012 at 21:01 | comment | added | Nathan Long | Any password could be called "security by obscurity". But in a good system, it's been proven that the password is the only thing you must keep secret. An untested system almost certainly has other flaws, so that while you're protecting the password, somebody gets in using an attack you didn't expect. Which is why you want an algorithm which has been attacked brutally and found to be strong. | |
| Dec 18, 2012 at 16:33 | comment | added | AakashM | "Probably written by smarter people than you" - you're assuming 'Dave' admits the existence of such. | |
| Dec 18, 2012 at 15:57 | review | First posts | |||
| Dec 18, 2012 at 16:33 | |||||
| Dec 18, 2012 at 15:55 | comment | added | Dan Is Fiddling By Firelight | For well known algorithms if you're not a professional cryptographer probably should be replaced with definitely. | |
| Dec 18, 2012 at 15:40 | history | answered | Konerak | CC BY-SA 3.0 |