On Thu, Jan 31, 2002 at 03:02:43PM -0200, Andreas Hasenack wrote: > Em Thu, Jan 31, 2002 at 11:48:18AM -0500, Nicolas Williams escreveu: > > Actually, users are probably not picking better passwords today than 10 > > years ago, not unless they're forced to (and then they may write them > > We have to force them to pick even better passwords today, that's > what I meant.
Hardware is improving faster than culture... :) > > down). You can give them smartcards and combine that with passwords, but > > users can still be kidnapped and forced to login an attacker. There's no > > I'm really getting to your nerves, sorry about that. Heh. I meant that partly in a funny way. You really can't get perfect security. There's something worse than an outside attacker folks: an inside attacker, one that already has the desired access. Don't put too much effort into one link in the security chain - make sure you have no breaks. I maintain that Kerberos V is more than strong enough compared to other weak links in many chains that have a Kerberos link. Cheers, Nico -- -DISCLAIMER: an automatically appended disclaimer may follow. By posting- -to a public e-mail mailing list I hereby grant permission to distribute- -and copy this message.- Visit our website at http://www.ubswarburg.com This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments.
