Questions tagged [passwords]
Passwords are secret keys which human beings can memorize.
528 questions
2 votes, 3 answers, 167 views
Does adding a common prefix to several passphrases make them weaker if the prefix is leaked but not the rest?
I am using GnuPG with AES256 symmetric encryption. There is a passphrase for each kind of file to encrypt, e.g. the passphrase for all work-related documents might be MyWorkRelatedPass19, whereas ...
3 votes, 4 answers, 420 views
Is there a secure hashing function that avoids the transportation of an unprotected password
The problem I am trying to solve is the transportation of an unprotected password from its entry point to the point of compare with the salted and hashed password. e.g. User enters a password in a ...
0 votes, 2 answers, 116 views
Is the Vigenère Cipher unbreakable if random passwords are being encoded?
If a random password, using a selection of all 94 printable ascii characters (I don't use spaces), is encoded using the Vigenère Cipher, is it unbreakable as there would be no common words or letters ...
1 vote, 1 answer, 185 views
What Makes a 2SKD (Two-Secret Key Derivation) Secure?
I'm currently studying the security mechanisms used by 1Password, particularly the Two-Secret Key Derivation (2SKD) sequence as described in section 8.2.1 of their white paper.
Here's the specific ...
2 votes, 2 answers, 249 views
Does password bruteforcing decrease password's entropy?
So, I randomly sampled a password out of a space of $N$ many candidates, and handed its hash to an adversary. My password's entropy is $\log_2N$ bits.
The adversary brute-forced the 1st half of ...
1 vote, 0 answers, 58 views
In the Passkey implementation, how would a user recover his account if the server does not store any secret?
I've read in multiple articles that one benefit of passkey over password is that in the passkey implementation the server only stores the public key, therefore, the user won't lose any secret even if ...
0 votes, 0 answers, 62 views
Safety of password manager algorithm
I would like to ask about vulnerabilities of the following algorithm for a password manager.
It is structured as follows:
There is a master password UTF-8 10 characters long, not to be stored anywhere....
3 votes, 1 answer, 133 views
Is the user's password revealed to a curious server in the OPAQUE PAKE?
If the server is honest-but-curious, it can attempt to guess the user’s password $\mathsf{pw}$ by computing $\mathsf{rw} = H(\mathsf{pw}, H'(\mathsf{pw})^s)$, where $s$ is the server's OPRF key. Then, ...
3 votes, 2 answers, 356 views
Are Java PKCS #12 key stores reasonably secure with average strength passwords?
Suppose:
We are using an application that stores sensitive private key information in a standard Java PKCS #12 keystore.
Users are expected to provide an overall store password and also a password ...
1 vote, 1 answer, 189 views
Cryptography key size question ASCII characters
I need help wrapping my head around these notions on the key lengths and size.
Exercise: Key sizes
Task 1: Key size
What is the key size of key for sequences of 10 ASCII characters? What is the ...
3 votes, 1 answer, 271 views
Judgment of Results from NIST Randomness Testing
I am using the NIST suite to test the randomness of binary numbers and I have a 64KB dataset. I am confused with the results in finalAnalysisReport.txt.
I have the ...
2 votes, 2 answers, 449 views
Is there a quantum-safe password-based authentication method that doesn't require giving the server too much data
I've been reading up on different authentication protocols recently while I implemented the sign-in functionality for my website. Many of the suggested methods password-based authentication seem to ...
2 votes, 1 answer, 264 views
Password Manager Architecture and Design
I'm working on a local, client-side password manager. I want to hash a master password with argon2 to store it safely in an SQLite database. This will be how a user could login and be authenticated. (...
2 votes, 2 answers, 797 views
How secure is the password from the hash sum (SHA-512) of a long sentence
If I convert a long sentence (>50 characters) to c and use the result (128 hex characters) as a password, how secure is it?
0 votes, 0 answers, 75 views
Can you have a public password file that is still secure?
So I’ve been reading about different ways to store passwords on servers (plain text, encrypted, hashed, hashed + salt, slow hash + salt) and I wanted to find a way where a leak of the stored passwords ...