Unix links subverting Web security

• To: www-security@ns2.rutgers.edu
• Subject: Unix links subverting Web security
• From: "David M. Chess" <chess@watson.ibm.com>
• Date: Fri, 27 Oct 95 09:20:02 EDT

> only one type of password that is acceptable today: random gibberish (mean
> gibberish - nothing phonetic even) created by a RNG seeded by a non
> deterministic source (some good ones available). a really random 8 char
> passwd will make brute force attack not much fun. now do this with 12 char

Unfortunately, a completely random password will make the "walk
casually around in the office memorizing all the passwords written
on post-it notes on the walls" attack work even better than it
normally does.  You win some, you lose some.  Allowing long
passphrases (PGP model, for instance) seems a better solution;
a somewhat higher plane in the tradeoff-space.

DC (hoping he hasn't accidentally started the Password Thread)

• Previous: Re: Unix links subverting Web security
• Next: Re: Unix links subverting Web security
• Index(es):
  • Index
  • Thread