From mboxrd@z Thu Jan 1 00:00:00 1970 MIME-Version: 1.0 From: James Date: Fri, 10 Nov 2017 23:00:52 -0330 Message-ID: To: 9fans@9fans.net Content-Type: text/plain; charset="UTF-8" Subject: [9fans] entropy src Topicbox-Message-UUID: c51e95ae-ead9-11e9-9d60-3106f5b1d025 This is a bit of weirdness. Maybe someone out there in 9world would like it. What if two users on a site could be guaranteed not to have the same password? I'm thinking in terms like tcp/ip endpoints, in that src-ip:src-port -> dest-ip:dest-port is guaranteed to be unique for every connection that is in parallel, globally. if two users on a site could be guaranteed not to have the same password, it would be a boon for computer identity. think of it like this, if users share a common password dictionary attacks become feasible. let's compare two schemes, there is a door that there are 50 keys printed for, and there are 50 other doors each with one key. >>From the point of view of permutations the door with 50 keys is easier to access.* That's why dictionary attacks work. So if each user could be guaranteed that there password was unique, they can have confidence in the security of the utility because there are no dictionary attacks existing, theoretically. I'm thinking of this in the sense of a decentralized authentication or warehouse service. Decentralized in the sense that the user drives the patterns stored there. Iterating out the goal is that two connections between parties could be guaranteed to be unique, and that this same pattern could be applied to data. Yup, we have ipV6 but this is better. How? Well first you have to make sure you are talking to the right entity. That makes two assumptions. Your password is unique on their side. You are indeed talking to who you should be talking to. Then the data would flow, tagged with an origin. :D * there are one hundred people each holding one key Sent from my Windows PC