Hear me out. Security question style layered passwords. #43
Replies: 3 comments 2 replies
-
|
Optionally you could require the answer be hashed a certain amount of times to add some delay against brute force attacks. |
Beta Was this translation helpful? Give feedback.
-
|
Also a way to make a self-decrypting Kryptor archive would be beneficial. An executable that self contains kryptor where double clicking on the file brings up the password box. |
Beta Was this translation helpful? Give feedback.
-
|
This basically used to be the case when Kryptor was a GUI program with an installer on Windows. However, cross-platform GUIs and OS integration are difficult. Furthermore, a GUI for encryption in several ways, signing, key generation, key recovery, etc becomes incredibly convoluted. That's why I switched to CLI development. In an ideal world, I'd support both, but it makes no sense from the workload perspective. |
Beta Was this translation helpful? Give feedback.
-
|
I understand what you mean, but security questions provide little to no security most of the time. If the information isn't publicly accessible (e.g. from social media, a blog, a CV, a data leak from a service you signed up to, someone who knows you), then it could still be very guessable (e.g. pet names). Then there's the issue of the answers generally remaining constant (e.g. your mother's maiden name doesn't change) unless you just provide fake information each time, which likely won't be that memorable. It would be far weaker than a password or passphrase. The solution to complicated passwords is to use randomly generated passphrases, which are long but more memorable. Unfortunately, convenience and security typically don't go hand in hand. |
Beta Was this translation helpful? Give feedback.
-
|
Understandable honestly. Thank you for the info |
Beta Was this translation helpful? Give feedback.
-
Not sure if this is a good idea or not, but having the ability to have questions pop up, such as, "What is your mother's middle name?" and have the answer be a set password, e.g. "Laura" and then another question, such as "What was the name of your elementary school?" (You could of course get to type out the questions and set the answers when you encrypt the file.)
I think this could be useful to be able to give people an option to help avoid having long complicated passwords, and instead have a series of "gateways" that the person could answer to decrypt the file.
It could also be used in a situation such as the question being "Do you agree to use this program non-maliciously? (yes/no):" with the password being yes, essentially a terms and conditions agreement if one so desired.
Sorry if this is a really stupid idea but it popped into my head so I thought I'd bring it up! :)
Beta Was this translation helpful? Give feedback.
All reactions