Re: RFC-2898 Appendix B

From: Anne & Lynn Wheeler (lynn_at_garlic.com)
Date: 04/02/04


Date: Fri, 02 Apr 2004 10:02:05 -0700

kev@novercia.f9.co.uk (Kev) writes:
> Some may consider this heresy, but I don't think writing down
> passwords is such a bad thing. You can write down a much stronger
> password than you can memorise. And when you write it down, the piece
> of paper effectively becomes an access token. So long as you keep it
> well hidden, and change the password regularly, I think you end up
> with better security than a weaker password committed to memory that
> you rarely change.

password-based (shared-secret) infrastructure from a purely
theoretical myopic stand-point isn't necessarily bad in itself
... the issue is the requirement for a unique shared-secret for each
distinct security domain ... and what happens when a person becomes
involved in scores of distinct security domains ... each requiring
their own, unique, provably secure shared-secret.

As long as the number of distinct electronic, online environments that
a person had to deal with was limited to a very few, shared-secrets
weren't horribly difficult. It is the proliferation of electronic,
online environments such that a person is dealing with scores of
different environments ... all requiring their unique authentication
shared-secret.

So, I have a hundred different pieces of paper, each well hidden, and
each needing to be changed every month.

-- 
Anne & Lynn Wheeler - http://www.garlic.com/~lynn/
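The thread's subject is RFC 2898 (PKCS #5), whose PBKDF2 function can turn one memorised secret into the scores of distinct, per-domain shared-secrets the post describes. The following is an added example, not code from the original post or from either writer: it assumes a password-manager-style design in which the domain name plus a rotation counter is used as the PBKDF2 salt, so each security domain gets a different secret, rotating a secret for one domain changes nothing elsewhere, and the domain-side verifier stores only a salted PBKDF2 hash rather than the secret. The master secret, domain names and iteration count are constructed sample values.

```python
import hashlib
import hmac
import os

# Constructed sample data: one memorised master secret and a few distinct
# security domains, each of which requires its own shared secret.
MASTER_SECRET = b"correct horse battery staple"   # constructed, not a real secret
DOMAINS = ["bank.example", "mail.example", "forum.example"]
ITERATIONS = 100_000   # assumed PBKDF2 iteration count; tune to your hardware


def domain_secret(master: bytes, domain: str, version: int = 1,
                  iterations: int = ITERATIONS) -> bytes:
    """Derive the shared secret for one security domain with
    PBKDF2-HMAC-SHA256 (RFC 2898 section 5.2).

    The salt is the domain name plus a rotation counter, so:
      * every domain yields a different secret,
      * bumping `version` rotates that domain's secret only,
      * no derived secret reveals the master or any sibling secret
        (PBKDF2 output is a one-way function of its inputs).
    """
    salt = f"{domain}:{version}".encode()
    return hashlib.pbkdf2_hmac("sha256", master, salt, iterations, dklen=32)


def register(secret: bytes, iterations: int = ITERATIONS) -> dict:
    """What the verifier on the domain side stores at enrolment: a random
    salt and a PBKDF2 hash of the shared secret, never the secret itself."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", secret, salt, iterations, dklen=32)
    return {"salt": salt, "digest": digest, "iterations": iterations}


def verify(record: dict, secret: bytes) -> bool:
    """Domain-side check of a presented secret against the stored record,
    using a constant-time comparison."""
    candidate = hashlib.pbkdf2_hmac("sha256", secret, record["salt"],
                                    record["iterations"], dklen=32)
    return hmac.compare_digest(candidate, record["digest"])


def all_distinct(master: bytes, domains) -> bool:
    """True when every domain receives a different derived secret."""
    return len({domain_secret(master, d) for d in domains}) == len(domains)


if __name__ == "__main__":
    # Enrol each domain with its own derived secret, then authenticate.
    records = {d: register(domain_secret(MASTER_SECRET, d)) for d in DOMAINS}
    for d in DOMAINS:
        print(d, "ok" if verify(records[d], domain_secret(MASTER_SECRET, d)) else "FAIL")
    # Rotating bank.example's secret does not touch the other domains.
    rotated = domain_secret(MASTER_SECRET, "bank.example", version=2)
    print("rotation changed bank secret:", rotated != domain_secret(MASTER_SECRET, "bank.example"))
```

The point of the design is that the user memorises exactly one thing while each domain still receives its own unique shared-secret, which is the requirement the post says makes pieces of paper multiply; the cost is that the master secret now protects everything, so it must be strong and the iteration count high enough to make guessing it expensive.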
