Author Topic: Security through obscurity  (Read 5643 times)

Offline glowworm

  • Jr. Member
  • **
  • Posts: 13
Security through obscurity
« on: July 10, 2005, 12:36:51 AM »
Sorry for yet another left-field idea, this one is not important :)

I was thinking last night around 2:30am how the master password entry field gives away the length of the master key and if you are like me that master key is probably the same as used for PGP, DriveCrypt etc.

This means programs that try key attacks already know how many characters to use which drasticly reduces attack time. While the displayed length issue doesn't really matter for PM, it does make brute-force cracking of other programs just that little bit easier.

Would it be possible to display a random numbers of stars after the master password masking it's true length?

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Security through obscurity
« Reply #1 on: July 10, 2005, 07:21:20 PM »
Hi Glowworm,

Quote
Would it be possible to display a random numbers of stars after the master password masking it's true length?
Sure, that's a great idea. I'll post back here after it's implemented.

Thanks,
Eric

PasswordMaker Forums

Security through obscurity
« Reply #1 on: July 10, 2005, 07:21:20 PM »