[cryptography] Password non-similarity?
Kevin W. Wall
kevin.w.wall at gmail.com
Sat Dec 31 22:47:10 EST 2011
On Sat, Dec 31, 2011 at 10:32 PM, Jeffrey Walton <noloader at gmail.com> wrote:
> On Sat, Dec 31, 2011 at 10:29 PM, Kevin W. Wall <kevin.w.wall at gmail.com> wrote:
>> On Sat, Dec 31, 2011 at 9:56 PM, Jeffrey Walton <noloader at gmail.com> wrote:
>>> On Sat, Dec 31, 2011 at 9:05 PM, Kevin W. Wall <kevin.w.wall at gmail.com> wrote:
>>>> On Tue, Dec 27, 2011 at 6:12 PM, Steven Bellovin <smb at cs.columbia.edu> wrote:
>>>> It would give people an opportunity to teach
>>>> how to create secure passwords and to critique weak ones by
>>>> showing why they are weak.
>>> I think this would be a bad idea. I imagine it would promote stemming
>>> related attacks. If not completely anonymous and coupled with some
>>> reconnaissance (IP => Company, find some users at company.com), it
>>> could prove to be a very dangerous practice.
>> Well, I wasn't referring to making the results "public", but rather treating
>> them as proprietary, within the confines of a company. Should have made
>> that clear.
> Gotcha. Treat it as IP - perhaps a creative work - and protect it
> through Copyright and DRM in case of loss ;)
Seriously, that's a great idea. I'm going to see if I can get our
attorneys to patent it before you. Ha!
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We *cause* accidents." -- Nathaniel Borenstein
More information about the cryptography