[cryptography] Password non-similarity?

Kevin W. Wall kevin.w.wall at gmail.com
Sat Dec 31 22:47:10 EST 2011


On Sat, Dec 31, 2011 at 10:32 PM, Jeffrey Walton <noloader at gmail.com> wrote:
> On Sat, Dec 31, 2011 at 10:29 PM, Kevin W. Wall <kevin.w.wall at gmail.com> wrote:
>> On Sat, Dec 31, 2011 at 9:56 PM, Jeffrey Walton <noloader at gmail.com> wrote:
>>> On Sat, Dec 31, 2011 at 9:05 PM, Kevin W. Wall <kevin.w.wall at gmail.com> wrote:
>>>> On Tue, Dec 27, 2011 at 6:12 PM, Steven Bellovin <smb at cs.columbia.edu> wrote:
>>>> [snip]
>>>>>[snip]
>>
>>>> It would give people an opportunity to teach
>>>> how to create secure passwords and to critique weak ones by
>>>> showing why they are weak.
>>> I think this would be a bad idea. I imagine it would promote stemming
>>> related attacks. If not completely anonymous and coupled with some
>>> reconnaissance (IP => Company, find some users at company.com), it
>>> could prove to be a very dangerous practice.
>>
>> Well, I wasn't referring to making the results "public", but rather treating
>> them as proprietary, within the confines of a company. Should have made
>> that clear.
> Gotcha. Treat it as IP - perhaps a creative work - and protect it
> through Copyright and DRM in case of loss ;)

Seriously, that's a great idea. I'm going to see if I can get our
attorneys to patent it before you. Ha!

-kevin
-- 
Blog: http://off-the-wall-security.blogspot.com/
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We *cause* accidents."        -- Nathaniel Borenstein



More information about the cryptography mailing list