| 1 |
On Tue, Nov 10, 2015 at 11:55 AM, Michael Orlitzky <mjo@g.o> wrote: |
| 2 |
|
| 3 |
> On 11/10/2015 01:26 PM, Alan McKinnon wrote: |
| 4 |
> > |
| 5 |
> > I think you are approaching this problem from the wrong viewpoint. You |
| 6 |
> > have to assume an attacker has vastly more resources to bear on the |
| 7 |
> > problem than you have. Thanks to Amazon and the cloud, this is now a |
| 8 |
> > very true reality. Brute force attacking a root password is nowhere near |
| 9 |
> > as complex as the maths would lead you to believe; for one thing they |
| 10 |
> > are decidedly not random. The fact is that they are heavily biased, |
| 11 |
> > mostly due to 1) you need to be able to remember it and 2) you need to |
| 12 |
> > be able to type it. |
| 13 |
> > |
| 14 |
> > Humans have been proven to be very bad at coming up with passwords that |
| 15 |
> > are truly good[1] and hard for computers to figure out. And our brains |
| 16 |
> > and very very VERY good at convincing us that our latest dumb idea is |
| 17 |
> > awesome. Are you really going to protect the mother lode (root password) |
| 18 |
> > with a single system proven to be quite broken and deeply flawed by |
| 19 |
> wetware? |
| 20 |
> > |
| 21 |
> |
| 22 |
> I know all that, but I asked you to assume that I'm not an idiot and |
| 23 |
> that it would take forever to brute-force my root password =) |
| 24 |
> |
| 25 |
> I'm not going to tell you what it is, so you'll have to believe me. |
| 26 |
> |
| 27 |
> |
| 28 |
I guess from this your assuming that everyones passwords that have been |
| 29 |
hacked are god, birthdays and such? |
Archives