Vince Hoang wrote:
> On 10/25/07, Jim Thompson <[EMAIL PROTECTED]> wrote:
>   
>> If passwords weren't "dead" already, this (or having the botnet do it
>> on the CPUs) finished them.
>>     
>
>
> In a world where bank PINs are 4 numeric digits can you suggest practical
> alternatives? Biometrics are not mature enough. Two-factor authentication
> has existed for a long time but is not cost effective for the average
> consumer.
>   
The article talks about NTLM and PGP.  The answer is not passwords that
are more complicated; it is passwords that can't be anonymously
downloaded and cracked offsite.  It doesn't matter how crappy your
shadow password is if someone can only try an ssh attempt every 2
seconds or so.  NTLM passwords are freely available to any decent
cracker with a network connection to the Windows machine.  If your PGP
secrets are important, and you expect someone to get at them, you'd
better have a ridiculously large key.

-Eric Hattemer

_______________________________________________
LUAU@lists.hosef.org mailing list
http://lists.hosef.org/cgi-bin/mailman/listinfo/luau
