Hacker News
by mikeash 4372 days ago
Not at all secure if you run it on DDG, since you give your password to a third party before you even get it yourself.

But of course you could run it ten times and pick one of them. Or modify the instant answer to return ten or twenty. Not ideal or optimal, but there it is.
That hardly helps at all. Now instead of knowing your exact password, your attacker knows that your password is one of these 10-20 entries, and it's easy to just try them all.
Nobody has ever suggested this is a secure or ideal way to do it.
My point is that it's not really even better.