As the saying goes, there's no fixing stupid. :)
- William On Mon, Jul 1, 2013 at 9:56 AM, Edward Ned Harvey (lopser) < [email protected]> wrote: > > From: [email protected] [mailto:[email protected]] > > On Behalf Of William J. Robbins > > > > At the end of the day if someone knows enough to bother encrypting their > > system in the first place they know to use a decent passphrase... > > I must disagree. :-) I mean, :-( > > Without any wrench, using a typical home PC and completely unintelligent > brute force, you can get through ~ 2^43 password guesses in ~ a week. > Users often times disclose their passwords voluntarily, just based on > trust. And as described in http://xkcd.com/936/ most users choose > "strong" passwords that they keep secret, that are guessable within the > first ~ 2^28 guesses. > > Equally bad, I've seen companies where IT deployed TrueCrypt whole-disk > protection to all their users, with the same password. 6 characters. > > Users often choose 6 or 8 char passwords ... Heck, I've systems that > *don't accept* passwords longer than 8 chars. (They let you type in more > than 8, but it gets truncated at 8, so "ObamaAreEvil" == "ObamaAreGreat") > > Even if a 7 char password was completely random and memorized (it never > is; because it's got the kid's name or dog's name or something) then it > would still be 41 bits. >
_______________________________________________ Tech mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
