[ale] OT - New encryption technology using a piece of paper

Michael H. Warfield mhw at WittsEnd.com
Sat Sep 3 20:06:56 EDT 2011


On Sat, 2011-09-03 at 19:47 -0400, Michael Trausch wrote:

> Correct me if I'm wrong, a sniffer is going to get the password
> without the password change, right?  It doesn't take a password change
> to make a keylogger work... and there is some merit to periodic
> password changes, though I think they probably ought to be event-based
> ("our database was stolen", "we found bugs on keyboards", "someone
> stole surveillance video", "your password has been reset").  Of
> course, in some events you'll wind up replacing hardware as well, at
> least if you're not able to take the time to inspect it thoroughly first.

I wouldn't say "you are wrong" only that "forced" password changes
afford more opportunity for keyloggers, trojans, password sniffers, and
shoulder surfers to snatch passwords.  The forced changes provide no
benefit and yet add that little tiny extra opportunity of additional
threat.  And, yes, there are password sniffers that will fire on
password changes so they follow your changes as you make them.  Factor
it in how you will.

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!