Wednesday 11 June 2014

Personal lock-out is kind of tricky

My step-sister has this exam-time ritual for staying off Facebook. She has someone else change her password, so when she wants to get on Facebook, she needs to go and ask that person to log her in. It involves a fair amount of trust on her part, but since her mum is her go-to gatekeeper, it's fairly safe. I know that there are browser extensions that can limit your time on websites - I use StayFocusd, myself - but I wondered whether there was any way you could lock something up and only let yourself back in at a specified time, without involving any self-discipline. Also, since this is a password situation, it would be better to avoid any insecure third-party systems like email delays.

Obviously you want to encrypt the password. That's a given, or else everything else is pointless. The trouble is, that doesn't get you anywhere on its own. The encryption needs a key, and if you need to get in later, then you need that key, so you'd better hold onto it. But now you're back where you started, trying to keep the encryption key secret from yourself until the designated time.

The only thing I can think of is encryption that's relatively breakable, but will take some time to crack. If you encrypt your Facebook password in a file with encryption that will take, say, three hours of computer time (on your own PC) to unlock, that might work. Unfortunately, there's no actual way to predict exactly how long a crack will take. It might unlock on the first try, cutting three hours down to practically zero. If it's going to take three hours to try everything, you'll probably get it done in half that time.
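The scheme described above, sketched as an added example (not code from the original post): the password is encrypted under a key derived from a small random secret that is thrown away, and unlocking means searching the keyspace. The SHA-256 keystream, the HMAC check and all function names are assumptions made for the illustration; `average_fraction` measures how much of the keyspace a search actually covers.

```python
import hashlib
import hmac
import secrets

def _derive(salt, guess):
    # Key for one candidate secret (demo construction, not a vetted KDF).
    return hashlib.sha256(salt + guess.to_bytes(8, "big")).digest()

def _xor_stream(key, data):
    # SHA-256 in counter mode as a throwaway stream cipher.
    stream = b""
    ctr = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def lock(password, bits, secret=None):
    """Encrypt under a `bits`-bit secret that is never stored anywhere."""
    if secret is None:
        secret = secrets.randbelow(2 ** bits)
    salt = secrets.token_bytes(16)
    key = _derive(salt, secret)
    ct = _xor_stream(key, password)
    tag = hmac.new(key, ct, hashlib.sha256).digest()  # lets unlock() spot the right key
    return {"bits": bits, "salt": salt, "ct": ct, "tag": tag}

def unlock(box):
    """Try every secret in order; return (password, number of guesses used)."""
    for guess in range(2 ** box["bits"]):
        key = _derive(box["salt"], guess)
        tag = hmac.new(key, box["ct"], hashlib.sha256).digest()
        if hmac.compare_digest(tag, box["tag"]):
            return _xor_stream(key, box["ct"]), guess + 1
    raise ValueError("no secret in the keyspace matches")

def average_fraction(bits, trials):
    """Mean share of the keyspace searched before the box opens."""
    pw = b"constructed-sample-password"  # constructed sample value
    used = sum(unlock(lock(pw, bits))[1] for _ in range(trials))
    return used / trials / 2 ** bits

if __name__ == "__main__":
    print("average share of keyspace searched:", average_fraction(10, 200))
```

Raising `bits` lengthens the worst-case search, but any single unlock can still finish anywhere between the first guess and the last.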

Mokalus of Borg

PS - I guess, if you encrypt the password, keep the key and then use a third-party delay system, that might work.
PPS - As long as you destroy all your local copies.
