Robin Laing wrote: > Harold Fuchs wrote: >> On Tuesday, January 23, 2007 4:57 PM [GMT+1=CET], >> Dan Lewis <[EMAIL PROTECTED]> wrote: >> >>> Comments inline. >> >> The only real way to defeat a dictionary attack is to destroy the >> encrypted document after <x> failures (x = 3, 5 ?) and hope the attack >> isn't lucky within that <x>. One can also delay things considerably by >> saying "after <x> failed attempts you can't try again for <n> minutes". > > I think that this should be the default. Of course if someone wishes, > they could write an application to get around this limitation so we are > back to a good algorithm to encrypt the data. > > Three strikes and you're out. Now I think that might make some people pay attention. I don't think you'd like to have two years worth of work go up in smoke. But then, people would go towards the easiest thing they could: writing the passwords on their desk, and we're back to where we were before.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
