On Tue, Feb 3, 2015 at 11:20 AM, Scott Robbins <[email protected]> wrote:
>>
>> I don't think anybody is missing anything. "Palindrome" in this context
>> may not be limited to real words; the author may be suggesting that you
>> not pick your password by picking a real word and tacking on its
>> reverse to make a palindrome, e.g., "password1drowssap".
>>
>
> Ah, that makes sense then, thanks.
I think the intent is: "Don't use a password likely to be included in
the list that an attacker would try". Of course if services would
rate-limit the failures by default or at least warn you about repeated
failures and their source, brute-force attacks would rarely succeed.
But fixing the problem doesn't seem to be the point here.
--
Les Mikesell
[email protected]
_______________________________________________
CentOS mailing list
[email protected]
http://lists.centos.org/mailman/listinfo/centos
