Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] password strength



Richard Pieri wrote:
> There's a huge misdirection in that Ars article that you cite. It
> presumes that the attacker has the password database. Fact is, if an
> attacker can get the entire password database...then it doesn't
> matter how strong your password is.

Yes, true. (I thought of that as well, but there is a limit to how many
disclaimers and angles I can address in a posting without it starting to
read like a terms of service contract. :-) )

But as others have pointed out, the reason why this sort of an attack is
still relevant is that it is similar to an offline attack that could be
performed on your password safe or other encrypted files.

 -Tom

-- 
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org