nanog mailing list archives

Re: Dear Linkedin,

From: Alec Muffett <alec.muffett () gmail com>
Date: Fri, 8 Jun 2012 21:41:03 +0100

PS: when security is hard, people simply don't do it. Blaming the victim
of poor engineering that leads people to not be able to perform best
practices is not the answer.


Passwords suck, but they are the best that we have at the moment in terms of being cheap and free from infrastructure - 
see http://goo.gl/3lggk

We've been in a bubble for the past few years, where Moore's law hardware had not quite caught up with the speed of SHA 
and MD5 password hashing throughput for effective brute force guessing; that bubble is well and truly burst.

Welcome back to 1995 where the advice is to change your passwords frequently, because it has a half-life of usefulness 
imposed upon it from (a) day to day external exposure and (b) the march of technology - and keep your hashing 
algorithms up to date, too.  See http://goo.gl/iL9EP for suggestions.

Have a nice weekend,

        -a

Current thread:

Dear Linkedin, Michael Thomas (Jun 08)
- Re: Dear Linkedin, Lyndon Nerenberg (Jun 08)
- Re: Dear Linkedin, Paul Graydon (Jun 08)
  - Re: Dear Linkedin, Michael Thomas (Jun 08)
    - Re: Dear Linkedin, Paul Graydon (Jun 08)
    - Re: Dear Linkedin, Michael Thomas (Jun 08)
    - Re: Dear Linkedin, Michael Thomas (Jun 08)
    - Re: Dear Linkedin, Alec Muffett (Jun 08)
    - Re: Dear Linkedin, Michael Thomas (Jun 08)
    - Re: Dear Linkedin, Alec Muffett (Jun 08)
    - Re: Dear Linkedin, Owen DeLong (Jun 08)
    - Re: Dear Linkedin, Joe Provo (Jun 08)
    - Password safes &c. (was: Dear Linkedin,) Andrew Sullivan (Jun 08)
    - Re: Password safes &c. (was: Dear Linkedin,) Tyler Haske (Jun 08)
    - Re: Password safes &c. (was: Dear Linkedin,) Andrew Sullivan (Jun 08)
    - Re: Password safes &c. Paul Graydon (Jun 08)
    - Re: Password safes &c. (was: Dear Linkedin,) Lyndon Nerenberg (Jun 08)
    - Re: Password safes &c. (was: Dear Linkedin,) Jay Ashworth (Jun 09)

(Thread continues...)