[Discuss] deadmanish login?
Kent Borg
kentborg at borg.org
Fri Feb 3 14:03:26 EST 2017
On 02/03/2017 01:42 PM, Richard Pieri wrote:
> On 2/3/2017 12:43 PM, Dan Ritter wrote:
>> a) it has a zero-latency, no penalty for wrong-guesses method of
>> trying passwords
> In this case security depends almost entirely on intrusion prevention
> systems.
But to do that the place where the attacker has to break in is the
target system itself. Once the attacker has broken into the target
system the attacker is, um, in the target system! At the point it
doesn't matter how good or bad your password is, the target is cracked open.
No, I don't care if the attacker can crack the hash once the target is
broken: Because I don't recycle passwords.
And if you do recycle passwords? You are lazy, a fool, or both.
-kb, the Kent with limited sympathy for lazy fools.
More information about the Discuss
mailing list