Tuesday, August 01, 2006

overview

mushpup sprang from my growing annoyance with registration-required websites -- especially the ones you don't foresee using more than a handful of times or on a very infrequent basis. I'm sure many people have come up with their own systems for dealing with this. I began outlining my own on my blog. Ross Anderson's book on security engineering provided a more theoretical grounding.

my goals
1. formalize a secure protocol according to the guidelines listed below
2. implement it for myself
3. make the tools necessary for it to work as simply as possible
4. make it easily available (in a word, put it on a web page)
5. try to help others understand why the concept is important, even if they have no use for mushpup itself

guidelines
1. Simple Passwords (as in you could use a common word -- though not recommended -- and not have it be vulnerable to a dictionary attack)

2. Unique Passwords (see #1 for the obvious paradox; consider: how to have a unique password for every website that you log in to and not have to memorize them?)

3. Secure Passwords (see #1 and #2 for the obvious challenge implicit in this -- you should not need to write it down)

4. Universally Accessible (you should be able to derive your password securely from any internet-enabled computer)
