Lan Barnes wrote:
>
> I'm sitting here biting my tongue ... but I would argue that password
> aging, and also multiple logon/passwords, undercut security by forcing
> people to record them.
>
> One good password that you don't share and can remember is better.

I tend to agree. Now get everyone that uses a computer to have one good password, never write it down, and never have it leaked. Ever. Very tall order.

Now trust Amazon, eBay, Yahoo, Google, PayPal, various web forums, DragonFable, all other online games, New York Times (the list goes on ad infinitum) to never leak the password, and trust all your users to never fall victim to a phishing scam. Trust that all external entities never have their password database exposed, or their systems breached.

How long will it take John the Ripper to crack the following password when encrypted with 3DES (crypt):

Xk`Lc3`@

the 3DES hash is: saHC9KkHK6KEQ
the MD5 hash is: $1$Salthere$82kk8KvCc/DM54Fr4KNVv1

That is the longest your password is good for. Yours is probably not good for that long. They have better computers. And more of them.

-john

Maybe I am a bit more paranoid. Maybe I am not paranoid enough.
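
Added example, not part of the original post: a small audit helper that recognises the two crypt(3) string formats quoted above and puts a number on the "longest your password is good for" bound, which is the time to exhaust the keyspace. The guess rate, the 95-character alphabet and the account names are assumptions; real rates differ per scheme and per hardware.

```python
import re

# crypt(3) string formats matching the two hashes quoted in the post.
DESCRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")                    # 2-char salt + 11 chars
MD5CRYPT = re.compile(r"^\$1\$([^$]{1,8})\$[./0-9A-Za-z]{22}$")  # $1$salt$digest

PRINTABLE = 95        # printable ASCII characters, space included
ASSUMED_RATE = 1e9    # guesses/second: an assumption, not a measurement


def classify(hash_str):
    """Return (scheme, salt, max_len); max_len is how many password
    characters the scheme actually uses (None = no truncation)."""
    m = MD5CRYPT.match(hash_str)
    if m:
        return "md5crypt", m.group(1), None
    if DESCRYPT.match(hash_str):
        return "descrypt", hash_str[:2], 8  # traditional crypt ignores chars past 8
    return "unknown", None, None


def exhaust_days(length, rate=ASSUMED_RATE, alphabet=PRINTABLE):
    """Days to try every password of exactly `length` characters."""
    return alphabet ** length / rate / 86400


def audit(entries, password_len, rate=ASSUMED_RATE):
    """entries: iterable of (account, hash). Returns one finding per account."""
    findings = []
    for account, hash_str in entries:
        scheme, salt, max_len = classify(hash_str)
        effective = min(password_len, max_len) if max_len else password_len
        findings.append({
            "account": account,
            "scheme": scheme,
            "salt": salt,
            "effective_len": effective,  # a longer password adds nothing past this
            "max_lifetime_days": round(exhaust_days(effective, rate), 1),
            "legacy": scheme in ("descrypt", "md5crypt"),
        })
    return findings


if __name__ == "__main__":
    # Hash strings are the two from the post; account names are constructed.
    sample = [("alice", "saHC9KkHK6KEQ"),
              ("bob", "$1$Salthere$82kk8KvCc/DM54Fr4KNVv1")]
    for finding in audit(sample, password_len=12):
        print(finding)
```

At the assumed rate, a 12-character policy on the 13-character format is still capped at 8 effective characters, which is why flagging the scheme matters more than the rotation interval.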
