Andreas Heinlein <[EMAIL PROTECTED]>:
>
>> Executive summary: If you have ever used Strip for the Palm to
>> generate your passwords, change them. Change them NOW.
>
>I think you forgot to mention the attacker has to know you generated
>the passwords with Strip...
Whether or not an attacker _knows_ this, it does leave him with a
promising 64K possibilities to try first - together with fred, password,
secret, etc. It's quite possible that some other password generators
have the same flaw, and also populate that same restricted set.
>Not likely in many cases, I think.
Unless they've watched their sysadmin ...
Alan Bellingham
--
