From: Leif Svalgaard <leif@leif.org>

> From: Booth Martin <Booth@MartinVT.com>
> > Please explain why what you've described isn't the same as a better
> > lock on the henhouse door after the fox is already living inside the
> > henhouse.
> >
>
> Because most (urban legend has it at 80%) of attacks come from
> insiders. They know what is valuable and worth going after.
>

My answer was not good. Here is another go: an attacker may
get a hold of information needed to allow a dictionary attack if
he gets lucky (QSECOFR left the terminal signed on while taking
a p-break...). Later on, the attacker can use that for a dictionary
attack (maybe even using his PC). Having gotten the passwords
of important users, he can then later on impersonate these
and the machine couldn't tell the difference. The goal is to
make a dictionary attack infeasible, by
1) not use words coming from a dictionary
2) use upper and lower case to enlarge the keyspace
3) use one or two special characters to do same

The main point is: DON'T START FROM A DICTIONARY.




As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.