Security Basics mailing list archives
Re: Password Cracking
From: Miles Stevenson <miles () mstevenson org>
Date: Wed, 15 Sep 2004 21:09:23 -0400
<snip>
I am calling this vulnerability Strong Passwords but Weak Systems.
</snip>

A good variation on this kind of attack is the slew of recent phishing attempts hitting your inbox on a regular basis. This and other forms of social engineering make password complexity irrelevant. This is another good example of why it is not a good idea to rely on passwords for authentication.

As a general practice, I try to keep password authentication as a last resort solution. Asymmetric cryptography (pub/priv keypairs) is my usual preferred solution, although skey, and other forms of biometrics are other alternatives that can sometimes be more appropriate depending on your situation. My philosophy is that if it relies on passwords for authentication, it's getting wrapped inside a VPN tunnel with better authentication mechanisms.

--
Miles Stevenson
miles () mstevenson org
PGP FP: 035F 7D40 44A9 28FA 7453 BDF4 329F 889D 767D 2F63