In this partial password case, you'd want the "shared secret" to be a single value, and construct a polynomial such that, say 4 field elements, would always be sufficient to recover the same "secret". The amount of entropy added at generation time is greater than the amount of entropy in the secret. It's as secure as a one-time pad, and in the degenerate case of N=2 over a Galois field, is in fact a XOR-based one-time-pad. Information theory shows that having at most N-1 points on the polynomial still leaks no information about F(0). With Shamir's Secret Sharing, you start out with your secret expressed as a finite field element, and pick N-1 polynomial coefficients uniformly randomly from your finite field, and give M different participants values of the polynomial evaluated at different points. I thought about something similar to Shamir's Secret Sharing, polynomial fitting over a finite field, but in this case, information theory is working against you.

If the car industry worked this way you'd have to take your car back to the dealer once a month to be patched to take account of constantly changing fuel formulations. Somehow this kind of nonsense has become culturally acceptable in the software industry. Password managers should also get cheaper because their vendors would not need armies of developers adding workarounds for popular sites. (Do Safari, Chrome and Edge already do this? Only they have the clout to make it happen.) The user could still fill out a text box lacking the standard autocomplete attribute by right-clicking and manually selecting the correct field. I can't offer a general solution, but if password managers simply refused to autofill to any field other than the one with the matching standard autocomplete attribute, web developers might start doing the right thing.
Other examples are problems with lock files and file versioning (because programs tried to roll their own when the operating system didn't provide them), and the complexity of parsing "HTML soup" and emails with all kinds of bizarre invalid syntaxes. Specifically, 1Password has to do complicated guesses of what to fill where because many sites don't set autocomplete properly, so inevitably it will guess wrongly sometimes. This is an example of a common antipattern in software: some piece of software fails to correctly implement something (here, modern HTML autocomplete="cc-exp-year"), and another piece of software goes through all kinds of contortions to work with incorrect or incomplete implementations with the result that it now behaves undesirably with a third piece of software.