by oakenshield 4876 days ago
I've been thinking about this very problem---recovering a forgotten encryption password without trusting a third party. The state of the art seems to be

1. Print it out on paper and put it in a safe. This is somewhat annoying and inconvenient for the vast majority of users, and if you lose or don't have access to the paper, you're screwed.

2. Encrypt the password using answers to some security questions and store it with an online provider you marginally trust. This has the problem of reducing the security to the strength of your answers (which may be known to any number of people close to you), and people might even forget the spelling of their answers, which puts them in the same pickle.

I feel what would be ideal is some sort of a question/challenge that evokes a consistent, unique, high-entropy response from the user but the response is not based on a fact... sort of like a Rorschach test, perhaps, but one where each user would have a unique response. Is anyone aware of some system/research like this?
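Option 2 above, worked through as an added example (my code, not the poster's): the answers are canonicalised before key derivation so that spelling, case and punctuation slips do not lock the user out, and a memory-hard KDF makes each guess at the (low-entropy) answers expensive. Encryption is a scrypt-derived keystream XORed with the secret plus an HMAC tag; the question list and sample answers are constructed.

```python
import hashlib
import hmac
import os
import re
import unicodedata

SALT_LEN = 16
TAG_LEN = 32


def normalize_answer(answer: str) -> str:
    """Canonicalise an answer so 'New  York!' and 'new york' derive the same key."""
    folded = unicodedata.normalize("NFKC", answer).casefold()
    return re.sub(r"[^a-z0-9]", "", folded)


def _derive(answers, salt: bytes, nbytes: int) -> bytes:
    # Join normalised answers with a separator so answer boundaries stay unambiguous.
    material = "\x1f".join(normalize_answer(a) for a in answers).encode()
    # scrypt: answers carry little entropy, so every guess must be costly.
    # n=2**14 keeps the demo fast (16 MiB); raise it for real deployments.
    return hashlib.scrypt(material, salt=salt, n=2**14, r=8, p=1, dklen=nbytes)


def seal(secret: bytes, answers) -> bytes:
    """Encrypt `secret` under the answers: salt || ciphertext || HMAC tag."""
    salt = os.urandom(SALT_LEN)
    km = _derive(answers, salt, len(secret) + TAG_LEN)
    keystream, mac_key = km[:len(secret)], km[len(secret):]
    ct = bytes(s ^ k for s, k in zip(secret, keystream))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return salt + ct + tag


def unseal(blob: bytes, answers):
    """Recover the secret, or return None if the answers (or blob) are wrong."""
    salt, ct, tag = blob[:SALT_LEN], blob[SALT_LEN:-TAG_LEN], blob[-TAG_LEN:]
    km = _derive(answers, salt, len(ct) + TAG_LEN)
    keystream, mac_key = km[:len(ct)], km[len(ct):]
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong answers: the tag check fails before any plaintext is returned
    return bytes(c ^ k for c, k in zip(ct, keystream))


if __name__ == "__main__":
    # Constructed sample: two security-question answers protecting a password.
    blob = seal(b"correct horse battery staple", ["Fluffy", "Springfield"])
    print(unseal(blob, ["fluffy ", "SPRINGFIELD"]))  # sloppy spelling still works
    print(unseal(blob, ["Rex", "Springfield"]))     # wrong answer -> None
```

The normalisation only fixes the spelling problem the post raises; the entropy problem remains, since anyone who knows the answers can run the same derivation.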

1 comment

You're better off just remembering the key to begin with. I can remember the ones I used in high school, and there are lots of simple methods of increasing your retention of them. Simplest of all is using them regularly.