[cryptography] Password non-similarity?

dan at geer.org dan at geer.org
Sat Dec 31 22:03:53 EST 2011


If I can get a list of user names, then it is more efficient
for me to pick a really common password and iterate across
user names.  Not helpful to the attacker aiming for a named
target, but likely to work pretty well in, say, the universe
of Facebook names, and I don't trigger 3-strikes-and-you're-out
alarms.  No?

Tangentially,

--dan





More information about the cryptography mailing list