Today’s topic is “Microsoft Exchange Autodiscover protocol found leaking hundreds of thousands of credentials” https://www.theregister.com/2021/09/22/microsoft_exchange_autodiscover_protocol_found/
It appears to be next to impossible for any talented service provider to locate all the critical vulnerabilities before someone else, bad guys in many cases, locates them. We had better assume, then, that our own credentials could leak at any time.
One valid solution would be to use passwords whose hashed entropy is large enough to withstand brute-force attacks by supercomputers. That is not something humans can easily do, however, meaning that we need a powerful tool to achieve it, as stones and clubs were for our ancestors.
Our proposition of ‘image-to-code conversion’ might well make a sizeable contribution as discussed here “New Slide — Healthy Second Life of Legacy Password Systems” https://www.linkedin.com/posts/hitoshikokumai_bring-a-healthy-second-life-to-legacy-password-activity-6837948929376681984-xKjH
Well, were you considering that killing the password could be a solution?
What does not exist will indeed not leak, but we would end up seeing our future killed: where our identity is established without our will/volition being confirmed, democracy is fatally eroded. Practically, we would no longer have a restful sleep unless we stayed alone in a closed space locked from within or fenced by faithful bodyguards.
Incidentally, the security effect of removing the password is discussed here — “Remove the army and we will have a stronger national defense”
For Achieving Solid Digital Identity on Information Security Buzz (Mar/2021)