[cryptography] Password non-similarity?

Jeffrey Walton noloader at gmail.com
Sat Dec 31 22:32:11 EST 2011


On Sat, Dec 31, 2011 at 10:29 PM, Kevin W. Wall <kevin.w.wall at gmail.com> wrote:
> On Sat, Dec 31, 2011 at 9:56 PM, Jeffrey Walton <noloader at gmail.com> wrote:
>> On Sat, Dec 31, 2011 at 9:05 PM, Kevin W. Wall <kevin.w.wall at gmail.com> wrote:
>>> On Tue, Dec 27, 2011 at 6:12 PM, Steven Bellovin <smb at cs.columbia.edu> wrote:
>>> [snip]
>>>>[snip]
>
>>> It would give people an opportunity to teach
>>> how to create secure passwords and to critique weak ones by
>>> showing why they are weak.
>> I think this would be a bad idea. I imagine it would promote stemming
>> related attacks. If not completely anonymous and coupled with some
>> reconnaissance (IP => Company, find some users at company.com), it
>> could prove to be a very dangerous practice.
>
> Well, I wasn't referring to making the results "public", but rather treating
> them as proprietary, within the confines of a company. Should have made
> that clear.
Gotcha. Treat it as IP - perhaps a creative work - and protect it
through Copyright and DRM in case of loss ;)

Jeff



More information about the cryptography mailing list