On 5/6/20 7:58 PM, Rich Pieri wrote:
Proof against dictionary and rainbow table attacks against compromised account databases,
Why do you care about rainbow attacks? Once a site is so badly compromised that an attacker the account database...what difference does it make if your plaintext password can be acquired? They are so owned.
Unless you have reused that password elsewhere...
and making brute force atacks against my accounts take longer than the low hanging fruit.
I'm content to have password lives that are on-order similar to my life. I don't see the purpose in password lives that are on-order matched to longer than the expected live of the universe.
I call straw man. My passwords are not used by a human being beyond generation and copy-pasting into my vaults. Therefore, human-centric constraints such as being memorable are unnecessary. Therefore, there is no actual cost or loss of security.
Which is near where we started. By having passwords so cumbersome that they require convenience-driven password management you are betting that your password manager software is, for some magical reason, bug-free.
-kb _______________________________________________ Discuss mailing list Discuss@lists.blu.org http://lists.blu.org/mailman/listinfo/discuss
