Comment Re:Kaspersky Sales (Score 1) 70
And yes, even with reduction functions, there's no way you can build a rainbow table holding 2^2048 possible hashes.
My rainbow table from 2004 has hashes for every combination of 0-255 (not just printable ascii) up to 256 bytes long.
256 bytes is 2 kbits, which means your table has to have 2^2048 entries? I doubt that. If you took every atom in the universe and turned it into its own universe, and did that 3 times, the number of atoms in the resulting universe of universe of universes would still be less than 2^2048.
Anyhoo, the best kinds of passwords are phrases with subtle errors or small random changes.
No, that is not true. The best kinds of passwords are long sequences of characters derived from
I guarantee that nobody will crack something like k$18aWIpbQuo(s!opM2eKCiotu,W?jvr There are plenty of password-cracking tools that introduce "subtle errors" or "small random changes" to English phrases.
No, if you base it on IP address, then it's pointless to lock out attackers because they have more IP addresses than you can ever hope to lock out. And consider your authentication system design, potentially having to keep track of tens of millions of locked IP addresses per user account...
I have never encountered a system that took IP addresses or even networks into account when deciding whether or not to lock an account. If an organization is aware that someone is trying to crack your account and they do use lockouts, but don't lock it out globally, then IMO they are at risk of a lawsuit.
What I'm saying is this: Throttling is ineffective if you base it on IP address (because attackers have nearly unlimited numbers of those) and is a DoS if you don't consider the IP address.
While password keepers can be subject to attacks, because they let you use long and random passwords, an attacker obtaining the encrypted vault is probably not going to be able to decrypt many passwords, as opposed to not using a password keeper and using passwords you can memorize. I think you are not really understanding how password attacks work.
Using SHA1 as an HMAC is safer than using it as an ordinary hash function. I doubt that anyone will be able to reverse-engineer your shared secret by intercepting a few of your 6-digit pass codes.
When I ran my company, that's exactly what we did. We picked people's passwords for them and did not let them change the password. If they wanted to change it, then we generated a different random one for them.
My rationale was that if we got hacked and the passwords were leaked, at least those passwords were very unlikely to be useful on any other sites used by our customers. Unless they loved our password so much they reused it, I guess... but that's not too likely.
A traditional login system throttles based on the endpoint (i.e., the IP address or a specific browser cookie.) I read your setup as a global throttle. If that's not what you meant, then fine; I'll explain why throttling doesn't work: Attackers have armies of machines at their disposal as part of a botnet, and they can distribute their cracking attempts so it doesn't look like any one particular machine is trying too often.
And if you lock an account after a certain number of incorrect guesses... we're back to the DoS situation, where anyone who knows or can guess your login name (often your email address) can lock you out of your account.
Yes, a password keeper is a vector for hacking. But if your password keeper is locally stored on your computer, it's a very distributed target compared to getting a juicy list of encrypted passwords from a big web site. Hackers are going to spend mountains more effort trying to hack LinkedIn than they are trying to sniff around my PC to try to find my encrypted passwords.
Password keepers are also good for ensuring you don't use the same password on multiple web sites. Because if you do, then someone figuring out your Pinterest password might also get hold of your online banking password, since they are the same.
Great, so now attackers can easily DoS your login system.
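The two failure modes argued over in the comments above (per-IP throttling evaded by a botnet; per-account lockout turned into a denial of service) can be shown with a small simulation. This is an added example, not code posted by any of the commenters. It assumes a sliding-window failure counter keyed by whatever the deployment chooses, and the bot and victim addresses are constructed; the thresholds (10 failures per 15 minutes) are an assumption too.

```python
from collections import defaultdict


class FailureCounter:
    """Sliding-window count of failed logins per key (an IP, an account, ...)."""

    def __init__(self, limit: int, window_s: float):
        self.limit = limit
        self.window_s = window_s
        self._failures = defaultdict(list)   # key -> timestamps of failures

    def allowed(self, key, now: float) -> bool:
        recent = [t for t in self._failures[key] if now - t < self.window_s]
        self._failures[key] = recent
        return len(recent) < self.limit

    def record_failure(self, key, now: float) -> None:
        self._failures[key].append(now)


def by_ip(account: str, ip: str) -> str:
    return ip                        # endpoint-based throttle


def by_account(account: str, ip: str) -> str:
    return account                   # global, account-based lockout


def distributed_attack(throttle_key, num_ips: int, guesses_per_ip: int,
                       limit: int = 10, window_s: float = 900.0):
    """Simulate a botnet of `num_ips` addresses, each trying `guesses_per_ip`
    wrong passwords against one account inside a single window.
    Returns (guesses that reached the password check,
             whether the real user can still log in from her own address)."""
    throttle = FailureCounter(limit, window_s)
    account = "alice"                # constructed victim account
    accepted = 0
    now = 0.0
    for i in range(num_ips):
        ip = f"10.{i // 256}.{i % 256}.1"      # constructed bot address
        for _ in range(guesses_per_ip):
            key = throttle_key(account, ip)
            if throttle.allowed(key, now):
                accepted += 1                   # guess is checked (and is wrong)
                throttle.record_failure(key, now)
            now += 0.001
    victim_ip = "198.51.100.7"                  # constructed, never used by bots
    return accepted, throttle.allowed(throttle_key(account, victim_ip), now)


if __name__ == "__main__":
    print("per-IP:     ", distributed_attack(by_ip, 1000, 5))
    print("per-account:", distributed_attack(by_account, 1000, 5))
```

With 1,000 addresses making 5 guesses each, the per-IP throttle never fires and all 5,000 guesses are checked, while the legitimate user is unaffected. Keyed on the account, only the first 10 guesses are checked, but the account is now locked for its owner as well, which is the DoS the thread describes; a stranger who knows the login name gets the same effect with 10 deliberate failures.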
Besides, most password-strength analyses assume the attacker has full access to the file of encrypted passwords.
However, nobody in their right mind will store a password by simply storing the MD5 sum of the password. It will be salted and stored with a large number of rounds of a more secure hashing function which makes the crackers' job much harder.
You don't need to write "War and Peace". I will generate a perfectly secure, practically-uncrackable password for you right now.
Of course, you'll never be able to remember it. Which is why you store it in a password-keeper, encrypted with a strong passphrase (the only thing you do need to remember) and using a strong encryption algorithm like AES256.
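The two pieces above, a generated random password and a salted, iterated hash in place of a bare MD5 sum, together in one added Python example (standard library only; not the commenter's code). The 94-symbol alphabet, the 32-character length and the PBKDF2-HMAC-SHA256 iteration count are assumptions; the vault encryption with AES-256 that the comment describes is outside the standard library and not shown.

```python
import base64
import hashlib
import hmac
import math
import os
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation   # 94 symbols


def generate_password(length: int = 32) -> str:
    """Password drawn from a CSPRNG; secrets.choice is uniform over ALPHABET."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Bits of entropy of a uniformly random password of this length."""
    return length * math.log2(alphabet_size)


def unsalted_md5(password: str) -> str:
    """The scheme the thread warns against: one fast hash, no salt, so two
    users with the same password share a hash and a precomputed table works."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str, iterations: int = 600_000) -> str:
    """Per-user random salt plus many PBKDF2 rounds; stored as one string."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "$".join(["pbkdf2_sha256", str(iterations),
                     base64.b64encode(salt).decode(),
                     base64.b64encode(dk).decode()])


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and rounds; compare in constant time."""
    algo, iterations, salt_b64, dk_b64 = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             base64.b64decode(salt_b64), int(iterations))
    return hmac.compare_digest(dk, base64.b64decode(dk_b64))


if __name__ == "__main__":
    pw = generate_password()
    print(pw, f"{entropy_bits(len(pw)):.0f} bits")
    record = hash_password(pw)
    print(record)
    print(verify_password(pw, record), verify_password(pw + "x", record))
```

A 32-character password over 94 symbols carries about 210 bits of entropy, far beyond any brute-force budget, and because the salt is fresh per record, identical passwords produce different stored values, unlike the MD5 case.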
Old news and 3 times on Slashdot. The new kids have already moved on to Dirty Frag, a new Linux local privilege escalation vulnerability.
It'd be a lot harder to find a (probably hashed) master password sitting in RAM, since it would look just like random bytes, than plaintext passwords. And you could surround the hashed master password with lots of other random bytes to make it even harder to find.
Switzerland is not a member of the EU.
Switzerland participates in the single market, but not the customs union. It's also part of the Schengen area.
But still. Not a member of the EU.
It increases costs for everyone, not just for immigrants. Canada is in the midst of a housing crisis for exactly this reason... we haven't built enough homes to keep up with population growth.
That's correct. Kids are not paid to do homework, so burdening them with two hours of work on the weekend when they should be playing and relaxing is even more egregious.
Any decent teacher will have the chops to evaluate whether or not homework is too hard for the kids.
And I'm sorry, but when my kids were little, it was not my job to do their homework. If they really needed help, they knew they could ask and I'd help them, but I've seen cases where the homework is so ridiculously beyond the ability of the kids that the parents ended up doing it.
(My kids hardly ever asked for help because their teachers set appropriate homework.)
"And remember: Evil will always prevail, because Good is dumb." -- Spaceballs