Re: How to allow users to log on only from my application

From: John D. Burger
Subject: Re: How to allow users to log on only from my application
Msg-id: 9226DB42-4F2B-494A-AB19-96E7BC8AEE0C@mitre.org
In reply to: Re: How to allow users to log on only from my application  (<korryd@enterprisedb.com>)
List: pgsql-general
<korryd@enterprisedb.com> wrote:

>> This is a special case of (2,2) secret sharing:
>> http://en.wikipedia.org/wiki/Secret_sharing Here the secret is the actual
>> password, a+b, shared into two parts, a and b. The above scheme
>> suffers from the problem that the user now knows quite a lot about
>> the secret.
>
> Hmmm... how would the user know anything about the secret unless he
> could somehow get to the resulting combined password?
>
> For example, if my password is "chocolate" and the application
> secret is "fudge", I can't recover any part of the combination
> "chocolate-fudge" unless ...

Assuming that you know how the compound password is generated, you now
know that it starts with "chocolate" - any attack now has a smaller
space to search.  The more sophisticated compounding schemes work
such that even knowing part of the secret, and the compounding
method, the search space is the same size as if you don't know any
part of the secret.

> So, in your opinion, this isn't a crazy idea?  It should work?  But
> it could be made more secure if Andrus is particularly paranoid.

Yah, that's all I meant to indicate.  As others have observed, a
determined user can sniff the compound password out if they really
wish.  I suspect the only really secure approach is some sort of
challenge-response algorithm, or a one-time pad in the application -
in either case, whatever the black-hat user sniffs off the wire or
with a debugger changes every session.

- John D. Burger
   MITRE
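
The exchange sketched above (a challenge-response login whose sniffable material changes every session), as an added example that is not code from this thread or from PostgreSQL: a server issues a fresh random nonce per session, the application answers with HMAC-SHA256(app secret, nonce), and a response captured from one session is useless in the next. The `Server` and `client_response` names and the `APP_SECRET` value are constructed for illustration; PostgreSQL does not provide this exchange itself.

```python
"""Challenge-response login for an application-only account.

Added example, not code from the pgsql-general thread.  It shows the
principle that what a user can sniff off the wire changes every
session.  The application secret, Server and client_response are
hypothetical stand-ins for whatever sits in front of the database.
"""
import hashlib
import hmac
import secrets

# Constructed sample secret shared by the application and the server.
# It never crosses the wire; only HMACs of fresh nonces do.
APP_SECRET = b"fudge"


class Server:
    """Issues a fresh random challenge per session and checks the answer."""

    def __init__(self, app_secret: bytes) -> None:
        self._app_secret = app_secret
        self._pending: dict[str, bytes] = {}  # session id -> outstanding nonce

    def challenge(self, session_id: str) -> bytes:
        """Start a session: generate and remember a one-time nonce."""
        nonce = secrets.token_bytes(32)
        self._pending[session_id] = nonce
        return nonce

    def verify(self, session_id: str, response: bytes) -> bool:
        """Check the client's answer; the nonce is consumed either way."""
        nonce = self._pending.pop(session_id, None)
        if nonce is None:  # unknown session, or nonce already used
            return False
        expected = hmac.new(self._app_secret, nonce, hashlib.sha256).digest()
        # Constant-time comparison: do not leak how many bytes matched.
        return hmac.compare_digest(expected, response)


def client_response(app_secret: bytes, nonce: bytes) -> bytes:
    """What the application sends back: HMAC-SHA256(secret, nonce)."""
    return hmac.new(app_secret, nonce, hashlib.sha256).digest()


def run_session(server: Server, app_secret: bytes, session_id: str):
    """One full exchange.  Returns (nonce, response, accepted)."""
    nonce = server.challenge(session_id)            # server -> client
    response = client_response(app_secret, nonce)   # client -> server
    return nonce, response, server.verify(session_id, response)


def replay_sniffed_response(server: Server, sniffed: bytes, session_id: str) -> bool:
    """An attacker who captured a response replays it in a new session."""
    server.challenge(session_id)                # server issues a fresh nonce,
    return server.verify(session_id, sniffed)   # so the old answer fails


if __name__ == "__main__":
    srv = Server(APP_SECRET)
    _, r1, ok1 = run_session(srv, APP_SECRET, "s1")
    _, r2, ok2 = run_session(srv, APP_SECRET, "s2")
    print("session 1 accepted:", ok1, "session 2 accepted:", ok2)
    print("responses identical across sessions:", r1 == r2)
    print("replay of sniffed response accepted:",
          replay_sniffed_response(srv, r1, "s3"))
```

The caveat John raises still applies: the exchange only defeats replay of what is captured on the wire. The application still holds `APP_SECRET`, so a user who attaches a debugger to the application can read the secret itself and answer any future challenge; a per-application credential that the user's own password does not reveal is the most this buys you.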
