[9fans] entropy src

[9fans] entropy src

[James]

This is a bit of weirdness.
Maybe someone out there in 9world would like it.


What if two users on a site could be guaranteed not to have the same password?

I'm thinking in terms like tcp/ip endpoints, in that src-ip:src-port
-> dest-ip:dest-port is guaranteed to be unique
for every connection that is in parallel, globally.

if two users on a site could be guaranteed not to have the same
password, it would be a boon for computer identity.

think of it like this, if users share a common password dictionary
attacks become feasible.

let's compare two schemes,
there is a door that there are 50 keys printed for, and there are 50
other doors each with one key.

>From the point of view of permutations the door with 50 keys is easier
to access.*

That's why dictionary attacks work.


So if each user could be guaranteed that there password was unique,
they can have confidence in the
security of the utility because there are no dictionary attacks
existing, theoretically.

I'm thinking of this in the sense of a decentralized authentication or
warehouse service.
Decentralized in the sense that the user drives the patterns
stored there.


Iterating out the goal is that two connections between parties could
be guaranteed to be unique, and that this same pattern
could be applied to data. Yup, we have ipV6 but this is better.

How?

Well first you have to make sure you are talking to the right entity.

That makes two assumptions.

Your password is unique on their side.
You are indeed talking to who you should be talking to.

Then the data would flow, tagged with an origin. :D




* there are one hundred people each holding one key



Sent from my Windows PC

Re: [9fans] entropy src

[hiro]

I operate a pay-for cloud service where you can upload your passwords
(encrypted of course) and I tell you if your password is unique.

If they are not secure you have the option of supporting the ecology
by allowing me to recycle them, that means they will be added to a
big container of entropy and shipped to a country where children can't
get the required entropy for their personal safety.

I'm also currently working together with Khaled Omar, who is the
inventor of IPv10 and an IETF expert. Together we're building a
standard that allows federation of password database servers, so that
it becomes a truly decentralized system. You might want to also join
the federation network once we reach beta stage...

It's invite-only, and normally quite costy, but I can give it to you
for free if you're so inclined.

[9fans] entropy src

[James]

On Sat, Nov 11, 2017 at 6:17 AM, hiro <23hiro at gmail.com> wrote:
> I operate a pay-for cloud service where you can upload your passwords
> (encrypted of course) and I tell you if your password is unique.
>

sounds like a good business. Can I haz bc.

> If they are not secure you have the option of supporting the ecology
> by allowing me to recycle them, that means they will be added to a
> big container of entropy and shipped to a country where children can't
> get the required entropy for their personal safety.
>

like it more.

> I'm also currently working together with Khaled Omar, who is the
> inventor of IPv10 and an IETF expert. Together we're building a
> standard that allows federation of password database servers, so that
> it becomes a truly decentralized system. You might want to also join
> the federation network once we reach beta stage...
>

alpha beta... sounds like marriage.


> It's invite-only, and normally quite costy, but I can give it to you
> for free if you're so inclined.
>

Thanks, i prefer costy and i like to laugh.

Ah, I'm a little skeptical that i didn't reach my desired audience.

Think big, and carry a scientific calculator.

Proof theory, it means nothing. *

* email dissolves

thanks for sharing back....