nfoWorks Hard Hat Beginnings

n120801 nfoWorks nfoNote
AuthzN Password-Independent Keys

Diary & Job Jar

n120801a>
 0.01 2013-05-20 09:33 -0700

Status  Date  Description
  2013-03-02 n120801: Find a reference to the Internet Worm and the use of /etc/passwd when the hashes were exposed.  This was addressed when, 1985?
  2013-02-12 n120801: Add references listed on #60.62 and earlier
  2012-12-09 n120801c1: section 3.3.2(2) it is d-*digit* base B numerals.
  2012-12-09 n120801c1: Add RIPEMD-160 for 160 bits.  Reference W3C XML Encryption for digest algorithms.
  2012-12-09 n120801c: Add reference for [XML], especially for the rules about admissible characters
  2012-12-09 n120801c: Add reference for [Unicode], especially UTF8 encodings
  2012-12-09 Make a separate note that deals with use of codes that have awkward distributions with respect to the characters, making it important whether it is the encoding that needs to have adequate randomness or the characters.  This can be part of the AuthzN folio, because it tends to apply in AuthzN situations.
  2012-12-07 Figure out the Markov process for determining different UTF8 encodings such that the resulting UTF8 has accurate efficiency.  [dh:2013-05-20 I think this is a simpler case, involving probabilities that must add to 1.  There is also a possible demonstration dealing with lengths 1-4 (or whatever the max UTF8 is) at the beginning and at the end.  There may be a set of fixed-chunk replications that capture all of this.]
  2012-11-21 n120801c: Add explanations for numerics, hex, monocase alphanumerics, base64 codes, 95-code ASCII, valid UTF8
  2012-08-27 Include references to implementation cases, development notes.
  2012-08-27 Describe the difference between these and the discussions of specific implementations.
done 2013-03-02 n120801: Add Evernote intrusion and reset notice
done 2013-02-21 2013-02-17 n120801: Add my last blog post, the OIC TC advisory, and the ODF TC proposal [dh:2013-02-21 Add the 1-in-4 fraud and perhaps the China question]
done 2013-02-21 2013-02-12 n120801: Add reference to "Securing Password Digests", <http://www.cigital.com/justice-league-blog/2012/06/11/securing-password-digests-or-how-to-protect-lonely-unemployed-radio-listeners/>.
done 2013-02-17 n120801: Add New York Times reference from today
done 0.03 2012-12-12 n120801: Add reference to the Trustworthy computing blog post and white paper on pass-the-hash attack vectors.
done 0.02 2012-12-09 Refine the UTF8 case using the minimum short-sequence cases enough to defer more to a supplemental page and hook that in later.
done 0.02 2012-12-09 n120801c: 0.02 done well enough to be a decent placeholder for now so I can go ahead and post to the site, then come back and address authz160 in the protection# namespace.
done 2012-11-24 120801c 0.02-pre: Tweak some wordings.
done 2012-11-18 2012-11-14 n120801: Add other references on the rash of password thefts that appear to have happened.
done 2012-11-18 2012-11-17 Change to "AuthzN" (proper noun) everywhere, so there is no sentence capitalization disharmony: n120801, n120801a, n120801b, n120801c, n000001
done 2012-11-17 2012-11-14 n120801: Add the Overview and link to the principles page for the rest. [dh:2012-11-17 now called "Summary"]
done 2012-11-14 2012-11-10 Don't use authenticator.  Use "key" or "derived key".  n120801, n120801a, n120801b, n120801c
done 2012-11-14 2012-11-03 n120801: Describe the background for authzN.
not done 2012-11-10 2012-09-10 Address the fact that an authzN need not be indistinguishable from random (that is, cryptographically random), although there should be a significant proportion of the bits that are.  This could be specified in a table.  [dh:2012-11-10 That is unnecessary. We stick with the randomness.  For a DKX Coupon, the Salt is not provided in the authzN portion, the derived key is supplied as the authzN.  So there is no need to weaken the conditions on authzN.]
done 2012-11-03 2012-09-02 Touch up headings, formats, styles, and attribution links as necessary.  Make sure link is in 2012.  n120801, n120801a, n120801b, n120801c
done 2012-09-10 2012-09-05 Reflect the change of name in the catalog and in dev as necessary.  [dh:2012-09-10 The dev review is moved to d000000 for percolating into the dev structure]
done 2012-09-05 Change from authz160 to authzN.  n120801, n120801a, n120801b, n120801c.
done 2012-08-27 2012-08-20 Make placeholders for n120801, n120801a, n120801b, and n120801c
done 2012-08-20 Add to the catalog
done 2012-08-20


This material conforms to the 2008-02-18 styles for Site Bootstrapping.  Check those pages for additional details of the approach and the styles.
Contact the nfoWorks technical coordinator with questions and to report any defects that you notice.

 
done 2012-08-20 Create this page ready for recording Diary & Job Jar items of this nfoNote.

Revision History:
0.01 2012-12-09-09:11 Steady Version Development
Work items are now against stable, populated structures.
0.00 2012-08-20-13:12 Create Initial Placeholder
Introduce an initial placeholder that serves as a target of links and provides a diary & job jar that can be employed immediately.

Construction Structure (Hard Hat Area)
You are navigating nfoWorks.
This work is licensed under a Creative Commons Attribution 2.5 License.

created 2012-08-20-13:12 -0700 (pdt) by orcmid
$$Author: Orcmid $
$$Date: 13-05-20 9:33 $
$$Revision: 54 $