Scientists Release Working Prototype Of CAPTCHA-Based Password Assistant
An anonymous reader writes "Last year Slashdot ran a story on scientists from the Max-Planck-Institute for Physics of Complex Systems in Dresden, Germany developing a novel method to improve password security. A strong long password is split in two parts; the first part is memorized by a human, and the second part is stored as a CAPTCHA-like image of a chaotic lattice system. Today, after a year of work, the same group at Max Planck Institute released a working prototype online, where everybody can try this technology to encrypt files (Java plugin required)."
This requires self-signed applet with full privileges so by using this new security solution I will put my computer at risk. Isn't that great? I would have expected that people working in the security domain would not have the "I don't bother about actual rights I need so let us request full access" attitude.
There are too many oddities for me to try out the service, sorry.
1. The service isn't hosted on a .edu domain.
2. The about page makes a remarkably strong and vague claim for a group of scientists: "We are currently the strongest online encryption service available on the Internet."
3. The story was submitted anonymously rather than with a "full disclosure" warning.
4. There's no link on the web site to any supporting institutions, grants, or anything like that, even though the summary twice mentions the Max Planck Institute.
5. The unsigned software wants full access to my machine.
For all I know, this is an elaborate ruse to get a few poor saps to run untrusted code. I have nothing but the web site's word and the word of an anonymous commenter to go on balanced against the above weirdness, so I'm going to play it safe and move on.
As for you, "Konstantin," perhaps you're just a weird person, but there are way too many oddities for me to simply believe that you're the K. Kladko from the paper.
1. Your grammar and style are remarkably informal for an academic. You write like a teenager. /. comments about their work, or if they do their posts are highly informative (eg. The Bad Astronomer).
2. You use way too many smilies for a security researcher.
3. You sign your name while posting anonymously--just sign up for an account already.
4. You expect me to run untrusted code on my machine as a security researcher just because you say, "Please trust us". Seriously? Seriously? (It bears repeating.)
5. You're making lots of comments here. Usually scientists don't make any appearance on
My strong suspicion is that you're just rather young and naive and don't have enough supervision on this project. I'm not trying the software though.