ErsatzPassword

For discussions about security.
Post Reply
Message
Author
labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

ErsatzPassword

#1 Post by labbe5 »

Because data breaches are a recurring problem, ErsatzPassword could become a standard tool in business organisations. This tool will not prevent data breaches per se, but in case a data breach occurs, hackers will not be able to crack any real and usable passwords, it only will be fake ones. The technical details are in the research report. It is available here :
https://github.com/cngutierr/ErsatzPassword
I guess one of the early users will be banks because of the extra layer of security.
Top
User avatar
Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#2 Post by Flash »

Do you trust that site? There are several easy English words misspelled in the description, which leads me to suspect that something nefarious could be afoot.
Top
User avatar
Ted Dog
Posts: 3965
Joined: Wed 14 Sep 2005, 02:35
Location: Heart of Texas

#3 Post by Ted Dog »

the word means fake or substandard replacement.
Top
User avatar
L18L
Posts: 3479
Joined: Sat 19 Jun 2010, 18:56
Location: www.eussenheim.de/

#4 Post by L18L »

Flash wrote:There are several easy English words misspelled in the description,
As I don't have a spell checker at the moment, give me just two examples please. :wink:

Thank you.
Top
User avatar
Burn_IT
Posts: 3650
Joined: Sat 12 Aug 2006, 19:25
Location: Tamworth UK

#5 Post by Burn_IT »

cleaver revieled

It is not a well written site and given that, would you trust the software??

I certain would not.

Mind you, I don't trust ANY software that "adjusts" passwords; the whole point of which is to keep them secret not "trust" to some third party.
Last edited by Burn_IT on Sat 23 May 2015, 15:48, edited 1 time in total.
Top
User avatar
Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#6 Post by Flash »

[quote]ErsatzPassword is a PAM_UNIX module that utlizes (utilizes?) the Yubikey HSM to generate cryptographic password hashes in a cleaver (probably meant clever) way. If an attacker steals the hashed password file (e.g., etc/shadow, /etc/master.passwd) and attempts to crack the password via a dictionary bruteforce attack, the ersatz “fake
Top
amigo
Posts: 2629
Joined: Mon 02 Apr 2007, 06:52

#7 Post by amigo »

ersatz has no connotation of being inferior or fake. It simply means 'substitute' or replacement.
Top
User avatar
Burn_IT
Posts: 3650
Joined: Sat 12 Aug 2006, 19:25
Location: Tamworth UK

#8 Post by Burn_IT »

Substitute or replacement both mean NOT original or "copy" or fake??
Fake does not necessarily imply inferior.
"Just think of it as leaving early to avoid the rush" - T Pratchett
Top
amigo
Posts: 2629
Joined: Mon 02 Apr 2007, 06:52

#9 Post by amigo »

I don't recall ever hearing the word fake used in an non-negative way.
Top
User avatar
Burn_IT
Posts: 3650
Joined: Sat 12 Aug 2006, 19:25
Location: Tamworth UK

#10 Post by Burn_IT »

I think a lot of women would argue with that.
"Just think of it as leaving early to avoid the rush" - T Pratchett
Top
bark_bark_bark
Posts: 1885
Joined: Tue 05 Jun 2012, 12:17
Location: Wisconsin USA

#11 Post by bark_bark_bark »

amigo wrote:I don't recall ever hearing the word fake used in an non-negative way.
ಠ_ಠ
....
Top
User avatar
L18L
Posts: 3479
Joined: Sat 19 Jun 2010, 18:56
Location: www.eussenheim.de/

#12 Post by L18L »

Thank you, Flash and Burn_IT for showing the misspelled words.

Totally agreed with you:
Flawless spelling is a necessary condition but not sufficient. :lol:
Top
Post Reply

Return to “Security”