|
From: Leif Svalgaard <leif@leif.org> > From: Booth Martin <Booth@MartinVT.com> > > Please explain why what you've described isn't the same as a better > > lock on the henhouse door after the fox is already living inside the > > henhouse. > > > > Because most (urban legend has it at 80%) of attacks come from > insiders. They know what is valuable and worth going after. > My answer was not good. Here is another go: an attacker may get a hold of information needed to allow a dictionary attack if he gets lucky (QSECOFR left the terminal signed on while taking a p-break...). Later on, the attacker can use that for a dictionary attack (maybe even using his PC). Having gotten the passwords of important users, he can then later on impersonate these and the machine couldn't tell the difference. The goal is to make a dictionary attack infeasible, by 1) not use words coming from a dictionary 2) use upper and lower case to enlarge the keyspace 3) use one or two special characters to do same The main point is: DON'T START FROM A DICTIONARY.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.