On 02/03/2017 01:42 PM, Richard Pieri wrote:
On 2/3/2017 12:43 PM, Dan Ritter wrote:
a) it has a zero-latency, no penalty for wrong-guesses method of
trying passwords
In this case security depends almost entirely on intrusion prevention
systems.
But to do that the place where the attacker has to break in is the
target system itself. Once the attacker has broken into the target
system the attacker is, um, in the target system! At the point it
doesn't matter how good or bad your password is, the target is cracked open.
No, I don't care if the attacker can crack the hash once the target is
broken: Because I don't recycle passwords.
And if you do recycle passwords? You are lazy, a fool, or both.
-kb, the Kent with limited sympathy for lazy fools.
_______________________________________________
Discuss mailing list
[email protected]
http://lists.blu.org/mailman/listinfo/discuss
