Evan Prodromou

Security researchers: stop working on quantum time-travel encryption or whatever and instead make a typo-tolerant close-enough password hash function so when someone types in bilnk182 they still can log in.

@evan brb switching my password hash function to Soundex

A close approximation could be accomplished by sort of a reverse Levenshtein-distance algorithm on the plaintext rather than doing it on the hash side. Basically if the match fails, perform a series of simple transpositions, additions, and deletions on the plaintext and validate each of those - with transpositions checked first. This could still be done in milliseconds for passwords of average length. There isn't anything about this that could be labelled secure, as you're basically cracking the password using seed text, but most people will choose ease of use over security every time and won't care.

@mikedev I wonder if some pairs of letters are more likely to be transposed than others. I wouldn't be at all surprised if they are. Trying the more likely mistakes first would give you more effective mismatch-tolerance for the same amount of CPU usage.
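
The fallback check described in the replies above, written out as an added example that is not part of the thread. It counts how many slow-hash evaluations each login attempt costs. The alphabet, salt, iteration count and sample passwords are constructed assumptions.

```python
import hashlib
import hmac
import string

ALPHABET = string.ascii_lowercase + string.digits  # assumed insertion alphabet
SALT = b"constructed-salt"                          # constructed demo value


def slow_hash(password, salt=SALT, iterations=1000):
    # PBKDF2 with a low iteration count so the demo runs quickly (assumption);
    # a production hash is far slower, which multiplies the cost counted below.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def candidates(typed):
    """Yield (kind, variant) one edit away: transpositions, deletions, additions."""
    seen = {typed}
    n = len(typed)
    edits = [("transposition", typed[:i] + typed[i + 1] + typed[i] + typed[i + 2:])
             for i in range(n - 1)]
    edits += [("deletion", typed[:i] + typed[i + 1:]) for i in range(n)]
    edits += [("addition", typed[:i] + ch + typed[i:])
              for i in range(n + 1) for ch in ALPHABET]
    for kind, variant in edits:
        if variant not in seen:      # skip duplicates so each is hashed once
            seen.add(variant)
            yield kind, variant


def verify(typed, stored):
    """Return (match kind or None, number of slow-hash evaluations spent)."""
    if hmac.compare_digest(slow_hash(typed), stored):
        return "exact", 1
    spent = 1
    for kind, variant in candidates(typed):
        spent += 1
        if hmac.compare_digest(slow_hash(variant), stored):
            return kind, spent
    return None, spent


if __name__ == "__main__":
    stored = slow_hash("blink182")          # constructed account password
    print(verify("blink182", stored))       # exact match
    print(verify("bilnk182", stored))       # transposed typo from the thread
    print(verify("zebra42", stored))        # unrelated guess: full search cost
```

With this alphabet, a wrong 7-character guess costs 295 hash evaluations instead of one, and every variant that `verify` accepts is one more string that opens the account.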