Re: [Discuss] Why the dislike of X.509?

2014-08-29 Thread Derek Atkins
Richard, Richard Pieri richard.pi...@gmail.com writes: On 8/28/2014 1:40 PM, Derek Atkins wrote: Passwords? We don't need no stinking passwords! You don't need to know your user's passwords, you have access to their keys! If I could dump a copy of your KDC database then I could then

Re: [Discuss] vnc

2014-08-29 Thread Dan Ritter
On Thu, Aug 28, 2014 at 11:12:09PM +, Edward Ned Harvey (blu) wrote: From: Dan Ritter [mailto:d...@randomstring.org] Sent: Thursday, August 28, 2014 6:59 PM Suppose we play the game, and I think of a phrase, and you say the magic word is squeamish ossifrage, and purely by chance,

Re: [Discuss] Why the dislike of X.509?

2014-08-29 Thread Matthew Gillen
On 8/29/2014 7:12 AM, Derek Atkins wrote: A bad actor can do *everything* with a compromised KDC. Yes, there are steps to prevent compromise, just like there are steps to prevent compromise of an X.509 CA. The main difference here is that if I Except there aren't. X.509 lacks mechanisms to

Re: [Discuss] Wireless devices, 2 Wireless Routers, local network. DD-WRT

2014-08-29 Thread Richard Pieri
On 8/29/2014 12:33 AM, Bill Bogstad wrote: camp -- wireless -- G router -- wired -- N router -- wireless - local clients This is preferable. camp -- wireless -- G router -- wireless -- N router -- wireless - local clients This is what I suggested, using the Repeater Bridge, if wired between

Re: [Discuss] Why the dislike of X.509?

2014-08-29 Thread Richard Pieri
On 8/29/2014 7:12 AM, Derek Atkins wrote: So let me rephrase, because you're right a dump of the kdc database is still encrypted in the master key. But if I can get a clone of the KDC disk then I've got *everything*, not just able to impersonate but as I stated before also able to read most

Re: [Discuss] Why the dislike of X.509?

2014-08-29 Thread Richard Pieri
On 8/29/2014 8:23 AM, Matthew Gillen wrote: My understanding (and it's possible I made this up, I can't seem to find any supporting documentation with a cursory search of the intertubes) is that the main approach to dealing with CA compromises is to use chaining: you have the root CA(s) locked

Re: [Discuss] vnc

2014-08-29 Thread Edward Ned Harvey (blu)
I know this is beating a dead horse, and also OT for the vnc topic. Suppose you pick a word randomly from a word list, suppose it's the GSL, and the word selection is worth approx 11 bits of entropy. If that word happens to be a then you have 11 bits per character. If the word happens to be

Re: [Discuss] vnc = passphrase entropy

2014-08-29 Thread Bill Ricker
[changing subject line in case this continues further] On Fri, Aug 29, 2014 at 11:14 AM, Edward Ned Harvey (blu) b...@nedharvey.com wrote: This would mean that each word in a sentence is 0.67 times as random as a perfectly random word. I don't buy it. I swear that measurement is grossly

Re: [Discuss] vnc = passphrase entropy

2014-08-29 Thread Richard Pieri
I have a better solution: use a FIPS 181 password generator to generate a phrase of nonsense, stuff that into your encrypted keychain, and be done with it. -- Rich P.

Re: [Discuss] vnc = passphrase entropy

2014-08-29 Thread Bill Ricker
On Fri, Aug 29, 2014 at 1:32 PM, Richard Pieri richard.pi...@gmail.com wrote: I have a better solution: use a FIPS 181 password generator to generate a phrase of nonsense, stuff that into your encrypted keychain, and be done with it. That's fine for JFDI. Assuming FIPS-181 'words' are mnemonic

Re: [Discuss] vnc = passphrase entropy

2014-08-29 Thread Richard Pieri
On 8/29/2014 7:22 PM, Bill Ricker wrote: That's fine for JFDI. Assuming FIPS-181 'words' are mnemonic enough for you. It's not me. It's my keychains. The only passwords or phrases that I need to remember are the ones to unlock my keychains. I stuff pretty much anything that I want into a