Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Announcements (Altcoins)
Re: NXT :: descendant of Bitcoin - Updated Information
by
Alias
on 25/01/2014, 20:26:08 UTC
Quote from: Zahlen on January 25, 2014, 08:16:39 PM
Quote from: Alias on January 25, 2014, 08:04:29 PM
Try this - www.passwordcard.org/en

Thanks for the suggestion. Smiley But, quoting from the site:

Quote from: https://www.passwordcard.org/en
Your PasswordCard has a unique grid of random letters and digits on it. The rows have different colors, and the columns different symbols. All you do is remember a combination of a symbol and a color, and then read the letters and digits from there. It couldn't be simpler!

That "unique grid" is supposedly generated by a code like ba625143531f714e that's chosen by the user. Sounds good, but what's the algo for generating the grid? If I were an attacker running the site, I would make resulting cards have only a limited number of different rows and columns. Still numerous enough to evade statistical analysis from buyers, but easy enough for an attacker to exhaust.


Van gens also introduce an attack vector: someone could upload a spoofed generator.


There is a reason why I also wrote the following:

Quote
Perhaps a dedicated open source NXT password card generator would be a useful tool for the community.