On 1/01/12 18:09 PM, coderman wrote:
On Sat, Dec 31, 2011 at 9:36 AM, ianG <[email protected]> wrote:
...
When I was a rough raw teenager doing this, I needed around 2 weeks to pick
up 5 letters from someone typing like he was electrified.  The other 3 were
crunched in 4 hours on a vax780.
how many samples? (distinct shoulder surf events)

About 1 a day, say 10, without making it obvious.

2 weeks sounds really generous.
He was really fast... he'd been caught before, it was all fair game to the obnoxious unwashed ones. Trick was, it was the spanking new system 5 vax 780 code from bell labs, not the locally hardened level 7 version (locally called kevunix), and it had the old unfixed ... 8 character password limit ;-) So the other 20 or so were thrown away.

Force-changing the password reduces the exposure to shoulder-surfing.  In
some corporate environments they also see password changes as a way to
reduce account sharing, but then users typically fight back with the +1
technique.
yup. this whole threat is a good example of why single sign on with
multi-factor auth is great. let the password be weak - it is only a
liveness / confirmation check. the real auth is in protected, tamper
evident (maybe resistant) hardware storage.

still sad the 1-wire tech never took off. crypto stick looks good; but
haven't played with one yet... [0]

and RSA SecurID is not, of course. ;)

An awful lot depends on what you are trying to do. Compliance? Legal contract? Liability limitation? Hack prevention? End-user security? Productivity?

Security is not a goal on its own. The first step in any analysis is to understand the business model. There's actually little wrong with an office sharing a bunch of accounts based on role not person, and they'll do it regardless of what you design or intend. So the smart money used to be on locking down external/physical access completely, and letting the locals run amok. Of course, that's getting more and more difficult.


It is only in recent times that people have started to rethink, and decided
the pre-Internet model is unhelpful.
changing context; it's harsh on threat models!

Yep. Or not, as the case may be. If there is no disconfirming information, the system can be stable. If there is no threat, the security model works perfectly, it defeats all threats, as designed. Unravelling that trap can be hard, because the original threat model has been replaced with a belief model.

0. Crypto Stick
   http://www.privacyfoundation.de/crypto_stick/crypto_stick_english/

Nice!

iang
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
