Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


Re: Password Cracking
.

  • To: [EMAIL PROTECTED]
  • Subject: Re: Password Cracking
  • From: Miles Stevenson <[EMAIL PROTECTED]>
  • Date: Wed, 15 Sep 2004 21:09:23 -0400
  • In-reply-to: <[EMAIL PROTECTED]>
  • References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
  • Reply-to: [EMAIL PROTECTED]
.
 
<snip>
> I am calling this vulnerability Strong Passwords but Weak Systems.
</snip>

A good variation on this kind of attack is the slew of recent phishing 
attempts hitting your inbox on a regular basis. This and other forms of 
social engineering make password complexity irrelevant.

This is another good example of why it is not a good idea to rely on passwords 
for authentication. As a general practice, I try to keep password 
authentication as a last resort solution. Asymmetric cryptography (pub/priv 
keypairs) is my usual perferred solution, although skey, and other forms of 
biometrics are other alternatives that can sometimes be more appriopriate 
depending on your situation. My philosophy is that if it relies on passwords 
for authentication, its getting wrapped inside a VPN tunnel with better 
authentication mechanisms. 

-- 
Miles Stevenson
[EMAIL PROTECTED]
PGP FP: 035F 7D40 44A9 28FA 7453 BDF4 329F 889D 767D 2F63

Attachment: pgpHHJU8FxlEJ.pgp
Description: PGP signature

 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.