[Discuss] deadmanish login?

Kent Borg kentborg at borg.org
Fri Feb 3 14:03:26 EST 2017


On 02/03/2017 01:42 PM, Richard Pieri wrote:
> On 2/3/2017 12:43 PM, Dan Ritter wrote:
>> a) it has a zero-latency, no penalty for wrong-guesses method of
>> trying passwords
> In this case security depends almost entirely on intrusion prevention
> systems.

But to do that the place where the attacker has to break in is the 
target system itself. Once the attacker has broken into the target 
system the attacker is, um, in the target system! At that point it 
doesn't matter how good or bad your password is, the target is cracked open.

No, I don't care if the attacker can crack the hash once the target is 
broken: Because I don't recycle passwords.

And if you do recycle passwords? You are lazy, a fool, or both.

-kb, the Kent with limited sympathy for lazy fools.
