DRM and Password Authorization

We log in online and are accustomed to being refused service if we supply an incorrect username/password combination. 

We persecute "plain-text offenders" and rightly expect to benefit from comparing a hash fingerprint of the credential presented online to a list of hash fingerprints, each paired with a username. Even better if the username is hashed as well.

The knowledge gained from online handshakes can benefit us in digital rights management. 

It has long been the case that we could obfuscate a password literal in source code by compiling it into object code. However, decompilers provide assembler code that can reconstruct the source code without descriptive variable names and make string values stand out.

Now, we can construct a creative solution. We can designate a username/password combination to COMPILE SOURCE UNIQUELY FOR EACH USER. To hide it in the object code, we hash the username and password with a published hash algorithm and use the hash-fingerprint literal instead of the plain text. 

The reason for multiple hashing is not that it makes the hash more secure. It does not. One iteration of a hash is completely irreversible. The reason for multiple iterations is that the time needed to repeat the hashing MULTIPLIES the TIME needed to try unauthorized password attempts. 

Since miscreants forever compile rainbow tables, we salt hashes as a matter of procedure. 

I welcome anyone to contact me, if the idea of "encrypt uniquely per user" can be improved. In the case of this entry I have suggested a unique compile instead of encryption. I understand that this hinders scalability.

@dictionarian on Twitter/X

Comments

Post a Comment

Popular posts from this blog

A Question About Erasthmus' Sieve

Students of Mathematics are familiar with Erasthmus' Sieve. 2     x 3          x                4       x 5               x 6     x     x 7 8     x 9          x 10       x          x 11 12     x     x 13 14     x 15          x     x 16     x 17 18     x     x 19 20     x          x 21          x 22     x 23 First, we strike all multiples of 2 up to the square root (5.) Then all multiples of 3, then all multiples of 5, etc. I wrote a digital implementation of the Sieve, and used the index cr...
Read more

Notice of corrupted results: Vigenere may yet be found to be a "group."

Retraction: It is with regret that I do not delete the previous post. I am an individual, not an organization, and I failed to adequately double-check my results, but I am leaving the post to maintain some accountability. I am able to definitively say that the script for 2chars_from_file.py DOES NOT yield an exhaustive list. It develops the ciphertext for all 2 Char combinations of the FIRST 10, three character ciphertexts. This is not due to a logic error, but rather there is a virus that corrupts the indentation of the two write statements.  This may be verified by downloading the relevant code, and examining it, and running it if needed, against the relevant datafile. It is difficult to be exhaustively correct about ALL of the scripts. This calls ALL of my results in question, with regard to the qualification of a mathematical group. If Vigenere IS a group, the resulting substitution is still valid, but there exist 6 Char passwords that will accomplish the same encryption in ONE...
Read more

A Simple Rule for the Stock Market

The Stock Market is where the wealth of America is stored. As such, it is best when the stock market faithfully reflects the ups and downs of the economy. Stock market corrections are how the stock market reflects setbacks to the economy. This is good, as far as it goes, but in fact, when a stock market correction occurs, it is not well understood where the value of labor, goods and services stored in the stock market goes.  The whole idea that rising stock prices reflect improvements in the economy, is that this is the result of good investments. Investing is an act of devoting time, effort, or energy to a particular undertaking with the expectation of a worthwhile result. An investment is proven to be a good one, when it pays off after a duration of time. If you buy a stock, you wait for it to rise in price, and sell it at the appropriate time. "Buy low, Sell high," is how stock brokers explain their craft. How long should you hold a stock? This has always been up to the ow...
Read more