[ale] password management

[J.M. Taylor]

Jonathan Rickman said:
> On Wednesday 23 July 2003 12:00, J.M. Taylor wrote:
>

> Internal hostnames are not always the same as published dns records.
> Insiders might have a slight edge, but they would have to know that you
> are  actually using the hostname. I do not actually use the hostname.
> Just  providing an example.

Of course you don't, I think I asked my question badly per ususal. :)

Let's take any string that's common to any set of passwords (ie, some
systems use the username as a salt, or some such), my question is more --
does it matter in a brute-force or even educated-guess type attack?  Or is
the complexity of
secret_thing<concat>special_characters<concat>common_string<concat>month
enough to foil those kinds of attacks? It certainly *seems* safer than me
making up a longish random password that I have to write down until it's
memorized...

jenn

-----------------
A lesson in computer security from Richard Feynman, circa 1943

'I'd keep complaining that the stuff was unsafe, and although everybody
*thought* it was safe because there were steel rods and padlocks, it didn't
mean a damn thing.

To demonstrate that the locks meant nothing, whenever I wanted somebody's
report and they weren't around, I'd just go into their office, open the
filing cabinet, and take it out.  When I was finished I would give it back
to the guy: "Thanks for your report."

"Where'd you get it?"

"Out of your filing cabinet."

"But I *locked* it!"

"I *know* you locked it.  The locks are no good."

.......

Finally some filing cabinets came which had combination locks....  These new
filing cabinets were an immediate challenge, naturally.  I love puzzles. 
One guy tries to make something to keep another guy out; there must be a
way to beat it!'

-- Richard Feynman, "Surely You're Joking, Mr. Feynman!"



_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale