On 11/18/2013 08:35 PM, Gillian Densmore wrote:
Password cracking? Hmm- as to how? I can add a little insight into this
one. Password cracking is just one tool.
You can always just _ask_ for their passwords, too! ;-)
Exclusive: Snowden persuaded other NSA workers to give up passwords -
sources
http://www.reuters.com/article/2013/11/08/net-us-usa-security-snowden-idUSBRE9A703020131108
During the worst of the Wen Ho Lee experience 15 years ago, I had at
least one person who should definitely have known better ask me for my
*classified* password on the phone (intra-laboratory) to avoid waiting
for me to come take care of something for him (15 min walk). This is
someone who had even been yanked out of bed at midnight by the FBI for a
polygraph under bright lights (yes, they did use blanket harassment
techniques during that period for people *not* directly related to or
implicated in Wen Ho's folly).
I had already decided to make my passwords so vile that nobody besides
me would be able to stomach typing them, but in this case we were stuck
with computer generated ones (refreshed regularly) and had not yet been
set up with CryptoCards. The two-factor (crypto (have) + pin (know))
system meant that I couldn't have shared my login credentials with him
if my life depended on it (excepting if he already had MY cryptocard in
his possession). If he had pulled rank on me (which was his style and
he did have lots of rank) I would have spelled out one of my disgusting
style ("e8sh@tMo%fo!") and let him try it a few times until he gave up
and either realized I was sh@tting him around or just gave up and
waited for me to come and do it correctly.
- Steve
============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com