Dr. Ruplayer Wrote: Even though I did overrate middle class Russian cryptologists, look at this from this point of view: A is your site, B is your password, C, D, E, F, etc. are any additional sites, and C1, D1, E1, F1 are any additional passwords available. We have a formula (A:B) = (C:X) (where "x" is unknown) with a single password, very hard, but not impossible to find any additional password, and (A:B) = (C:C1) = (D:X) (where "x" is unknown) with 2 passwords available, makes it a relatively easy task to do. Because A to B is parity to C to C1 and is parity to D to X.
And the only way not to get all your passwords unveiled is to generate them randomly with random characters, but you already mentioned in one of your early messages, that system is used.
But the problem is that the system isn't a linear cypher, and there is required information not present in the cypher itself (the corresponding operators). Let's say that you figure out that BobJanisRomeo is the password to war-lords, and you found that Bob is a word that corresponds to site names with two words, Janis corresponds to the first letter, and Romeo corresponds to the total number of letters. Unlikely on its own, since I've had a system in the past where the number of letters and numbers corresponded to the key based on an integer sequence such as the Fibonacci series (word a was for letter a, word b was for letter b, word c was for letters c, d, e, etc.) which couldn't be determined with only two passwords and that the system might have non alphanumeric properties (such as a Boolean based on whether or not the site uses blue as the foundation of its color scheme), but I'll let it pass for the sake of argument.
It would then be pretty easy to figure out that the password to facebook is either one or two words (depending on whether or not I feel like splitting compound words), the letter f, and eight letters. Fine. Now how are you going to find out the corresponding words? Pull them out of thin air? You might argue that a dictionary search will reveal them quickly enough, but what if I start using internet or community specific jargon? Hell, I might use a short phrase. You might as well just be using a brute force attack, which will take a hell of a long time.
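For anyone auditing a scheme like the one argued over above, this added example (not code from either poster) models the three-slot structure the reply grants for the sake of argument and measures how much of a second site's password is already exposed once one password leaks. The function names and the 4096-word pool size are assumptions made for illustration.

```python
import math
import re


def site_features(name):
    """Return (word_count, first_letter, letter_count) for a site name.

    These are the three operators the reply concedes: one secret word is
    chosen per feature value, and the password is their concatenation.
    """
    words = [w for w in re.split(r"[^a-z0-9]+", name.lower()) if w]
    if not words:
        raise ValueError("site name has no letters or digits")
    letters = "".join(words)
    return (len(words), letters[0], len(letters))


def shared_components(leaked_site, target_site):
    """Count slots where both sites map to the same secret word."""
    pairs = zip(site_features(leaked_site), site_features(target_site))
    return sum(a == b for a, b in pairs)


def remaining_bits(leaked_site, target_site, pool_size):
    """Guessing work left for target_site after leaked_site's password is known.

    Assumption: each still-unknown slot word is drawn uniformly from
    pool_size candidates (dictionary words, jargon, short phrases).
    """
    unknown = 3 - shared_components(leaked_site, target_site)
    return unknown * math.log2(pool_size)


if __name__ == "__main__":
    POOL = 4096  # constructed pool size, 12 bits per unknown word
    for target in ("facebook", "face book"):  # compound word kept or split
        print(target, site_features(target),
              "slots already known:", shared_components("war-lords", target),
              "bits left:", remaining_bits("war-lords", target, POOL))
    # Baseline for comparison: 12 random printable-ASCII characters
    print("random 12-char baseline:", round(12 * math.log2(94), 1), "bits")
```

With the post's own sites, war-lords and facebook share the eight-letter slot, and two slots if "face book" is split, so each leaked password removes words from every other password that shares a feature value.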