Password managers

[Ming the Merciless]

the complexity and detail of the algorithms are probably something you'd want a mathematical doctorate

Not really, the maths is undergraduate level.

 

[Ming the Merciless]

I'll remember your passwords so you don't have to, just call me on 0800 6665555 and tell me what you want to remember.

I called it, but just got your sexy time answerphone. Can you turn that off please.

 

[Freeweel]

Not really, the maths is undergraduate level.

Of course, you're right. Most of the big security companies use 21 year olds with a 2-1 to set their security parameters, because that protects their brand adequately and is bound to be uncrackable. I defer to your knowledge of the field.

 

[Chris S]

All my passwords are based on my relatives' number plates when I was a child. I just associate the car with the website.

 

[si_c]

I don't understand why any login page would allow 2^28 guesses at 1000 guesses/sec. All it takes is an upper limit and a delay.

They don't. The point is that people re-use passwords which password managers help to prevent. The scenario this stops is a website getting hacked and the hacker comparing the stored passwords to a list of known used passwords. The guesses aren't entered into the website directly they're done offline - at significantly more than 1,000 guesses - my computer does it at well over 1mil per second even on more securely stored passwords.

Once the passwords are uncovered the hacker then tries them on a bunch of websites to see which ones they can get into.

 

[Ming the Merciless]

Of course, you're right. Most of the big security companies use 21 year olds with a 2-1 to set their security parameters, because that protects their brand adequately and is bound to be uncrackable. I defer to your knowledge of the field.

I was talking about the maths not the computer implementation. the vulnerabilities are in the implementation details not the maths.