Posted by Sanders Kaufman on 10/23/07 21:37
"The Natural Philosopher" <a@b.c> wrote in message
news:1193092804.14073.0@proxy01.news.clara.net...
> Sanders Kaufman wrote:
>> So you think that cracking an algorithm is easier than cracking a
>> password?
>> Do the math - the formula is harder to crack.
>
> It entirely depends on the algorithm.
No - a dynamic value is *always* harder to guess than a static one.
But that's not what this is about.
This is about protecting your credentials from the person to whom you
DELIVER them.
If I can get you to sign up at my site (kaufman.net) with your userid and
password - the same one you use most everywhere - I don't NEED to crack your
password.
You gave it to me.
But by using an algorithm, instead of a static password - all I can do is
crack into your account on the machine I *already* control.
I can't login to paypal as you - because the resultant password is
different, even though your algorithm and private key remain the same.
>> Of course not. You just have a couple of usernames and passwords... that
>> you use everywhere.
>
> I hope you are not involved in security.
> First you deduce things from write data that are incorrect, secondly you
> assert as fact that which you cannot know.
This, I know.
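
The per-site scheme argued for in this post, as an added example that is not part of the original message and not the poster's own code: one secret and one algorithm produce a different password for each site, so the operator of one site only ever receives the value for that site. The use of PBKDF2-HMAC-SHA256, the function names, the iteration count, the hostname `paypal.com` and the sample secret are all assumptions made for illustration.

```python
import base64
import hashlib

ITERATIONS = 200_000  # assumed work factor; slows offline guessing of the secret


def normalize_site(site: str) -> str:
    """Reduce a URL or hostname to the bare lowercase host used as the salt."""
    host = site.strip().lower()
    if "://" in host:
        host = host.split("://", 1)[1]
    host = host.split("/", 1)[0].split(":", 1)[0]
    if host.startswith("www."):
        host = host[4:]
    if not host:
        raise ValueError("empty site name")
    return host


def site_password(secret: str, site: str, counter: int = 1, length: int = 20) -> str:
    """Derive the password for one site; counter allows rotation per site."""
    if not secret:
        raise ValueError("empty secret")
    # The site name is the salt, so the same secret gives unrelated outputs per site.
    salt = f"{normalize_site(site)}#{counter}".encode()
    raw = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS, dklen=32)
    return base64.urlsafe_b64encode(raw).decode()[:length]


if __name__ == "__main__":
    secret = "constructed sample secret, not a real credential"
    for site in ("kaufman.net", "https://www.paypal.com/signin"):
        print(normalize_site(site), site_password(secret, site))
```

A site that receives one derived password can still test guesses of the secret offline against it, so the separation between sites holds only when the secret is long and random and the derivation is deliberately slow.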