Sure thing. In general, if your users are using pass-phrases shorter than 9 characters, they can be cracked. If they use pass-phrases longer than 9 characters, they may not be crackable. As someone else said, if they are using two-factor authentication, they are in good shape.
On Mar 26, 2008, at 10:25 AM, Owens Bernard B wrote: > On Tue, 25 Mar 2008 20:04:29 -0700, Simson Garfinkel wrote: > >> But if you use strong passphrases and your users are torture-proof, > they're probably on a pretty good footings. > > My users are tax collectors. They don't care enough to be > torture-proof. For them, the methods you cite are of no practical > value, being either unnecessary or illegal. > > For the general public, though, I think the original story spread > disinformation. The quote from the DS made it sound like encryption > simply doesn't work and so, to quote from another area of interest, > "Resistance is futile." I find this sort of spin from law enforcement > sources rather unsettling. It smacks of a lack of integrity and > intellectual honesty. I always hope for better. > > Thanks for your thoughts, > > Bernard Owens > USTreas/IRS > > _______________________________________________ > FDE mailing list > [email protected] > http://www.xml-dev.com/mailman/listinfo/fde > _______________________________________________ FDE mailing list [email protected] http://www.xml-dev.com/mailman/listinfo/fde
