[ale] OT: password gripe

Charles Shapiro hooterpincher at gmail.com
Thu Dec 31 16:00:58 EST 2009 

You are of course absolutely correct, and witty to boot.
I am merely pointing out the inherent risk of discussing passwords and
security.

-- CHS


On Thu, Dec 31, 2009 at 12:05 PM,  <krwatson at cc.gatech.edu> wrote:
>> -----Original Message-----
>> From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of
>> Charles Shapiro
>> Sent: Thursday, December 31, 2009 10:05
>> To: Atlanta Linux Enthusiasts - Yes! We run Linux!
>> Subject: Re: [ale] OT: password gripe
>>
>> Ah, so what you're telling me is I only need to beat one password out
>> of you. Hmm. Useful.
>>
>> -- CHS
>>
>
>
> Charles,
>
> True, but let us analyze your use of rubber hose password decryption.
>
> 1. There is no such thing as perfect security.
>
> 2. All passwords are susceptible to this method.
>
> 3. Once used it works for all the passwords the target knows so it really doesn't matter how many there are.
>
> 4. It works faster on the person who has the password if you use it on someone else the person cares about. According to TV and movies this method even works on people like Jack Bauer.
>
> 5. In order to use it you have to be in physical proximity of the target. This makes it as dangerous for the attacker as it does for the target.
>
> 6. It violates the law and all social custom so the data must be worth the risk. My data isn't worth that much, if it were I would put in safe guards similar to what I used in my previous line of employment making it very high risk for the attacker.
>
> 7. Given the inherent physical risk of rubber hose password decryption a remote attack is the most likely.
>
> 8. KeePass can use a pass phrase and/or two factor authentication using keys. This renders it less susceptible to the post-it note (also high risk to the attacker) and remote attack.
>
> I see your rubber hose decryption and raise you reasoned risk analysis,
>
> keith
>
> --
>
> Keith R. Watson                        Georgia Institute of Technology
> Systems Support Specialist IV          College of Computing
> keith.watson at cc.gatech.edu             801 Atlantic Drive NW
> (404) 385-7401                         Atlanta, GA 30332-0280
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>

More information about the Ale mailing list