tag:blogger.com,1999:blog-3509964621430370617.post7080574943279822182..comments2024-02-23T01:19:33.179-08:00Comments on Kathleen's projects and stuff: Forgetting the Code Signing Password to Sketch-a-bitKathleen Tuitehttp://www.blogger.com/profile/03777843165619115931noreply@blogger.comBlogger3125tag:blogger.com,1999:blog-3509964621430370617.post-22259610860135912512012-12-01T04:01:16.966-08:002012-12-01T04:01:16.966-08:00If the password is a reasonable length, we might b...If the password is a reasonable length, we might be able to brute-force it.<br /><br />Does the signing key actually need to be encrypted with a password?Karlhttps://homes.cs.washington.edu/~supersat/noreply@blogger.comtag:blogger.com,1999:blog-3509964621430370617.post-82495522670185445142012-11-29T15:13:50.065-08:002012-11-29T15:13:50.065-08:00Historically, releasing a "version 2" on...Historically, releasing a "version 2" on the marketplace and updating that instead of the original seems to send the right message. Good luck with your passwords otherwise.Samhttps://www.blogger.com/profile/17180864993831990191noreply@blogger.comtag:blogger.com,1999:blog-3509964621430370617.post-4778814474653747272012-11-28T18:13:24.336-08:002012-11-28T18:13:24.336-08:00Here's a fancy site: https://www.pwdhash.com r...Here's a fancy site: https://www.pwdhash.com research from Stanford I believe<br /><br />You only have one password, plus the name of the website to which that password corresponds. It's like RSA for humans- a man-in-the-middle (ie leaked passwords) only get your hashed password, specific to that site, and not your private key.Armin Samiihttps://www.blogger.com/profile/11600871155521176754noreply@blogger.com