Thought experiment:

What if a data breach of stolen user names and passwords in plain text wasn't a jackpot?

Assume one had a large enough user base and purposely saved everything in clear text. Then one implements an algorithm that saves each user's name and password in different locations, e.g. user `x` has password `y` and user `y` has password `z`, etc.

Thus if the database ever got leaked, although it looks like you received a gold mine, you only got a gotcha.

Additional algorithm/procedural alterations would be to mix up the pairs at arbitrary time intervals. Or it could be a fluid database that is constantly changing.

@barefootstache passwords aren't independent of the user or even the user name. even if you "mix up" the correspondence, the plaintext still gives me more information than I would have otherwise
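
An added example, not part of either post: a small Python model of the shuffled plaintext store from the thought experiment, audited from the defender's side for what a leaked copy still reveals, next to a salted scrypt store. The accounts are constructed sample data and all function names are hypothetical.

```python
import hashlib, hmac, math, os, random

# Constructed sample accounts (not real data).
USERS = {"alice": "alice1987!", "bob": "Tr0ub4dor&3", "carol": "carol_cat",
         "dave": "correct horse", "erin": "erin2020", "frank": "qwerty123"}

def shuffled_store(users, seed):
    """The thread's scheme: plaintext passwords rotated onto other users' rows."""
    names = sorted(users)
    random.Random(seed).shuffle(names)   # the seed is a secret the server must keep
    # Rotating the shuffled order by one means nobody keeps their own password.
    return {names[i]: users[names[(i + 1) % len(names)]] for i in range(len(names))}

def relinked(leak):
    """Audit: rows that can be re-paired without the seed, because the
    password contains the username (passwords are not independent of users)."""
    return {u: p for u in leak for p in leak.values() if u in p.lower()}

def guess_bits(leak):
    """Upper bound on per-account guessing work after a leak: log2(N) bits,
    since every real password is one of the N plaintext values in the table."""
    return math.log2(len(set(leak.values())))

def hashed_store(users):
    """Comparison store: per-user random salt plus scrypt, no plaintext at rest."""
    out = {}
    for user, password in users.items():
        salt = os.urandom(16)
        out[user] = (salt, hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1))
    return out

def verify(store, user, password):
    """Recompute scrypt with the stored salt and compare in constant time."""
    salt, digest = store[user]
    candidate = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return hmac.compare_digest(candidate, digest)
```

With these six accounts the audit re-pairs three rows without the seed, and the remaining accounts are protected by at most log2(6), about 2.6 bits. The shuffled store also needs the seed to check a login at all, so it already depends on a server-side secret.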
