On Thu, 12 Jan 2012 06:30:03 -0500
Tanstaafl <tansta...@libertytrek.org> wrote:

> On 2012-01-11 5:51 PM, Alan McKinnon <alan.mckin...@gmail.com> wrote:
> >> 2. Change the character set used (I always do this)
> > I like this one:-)
> >
> > yes, I know it's really just security by obscurity in disguise but I
> > still like it.
> 
> Actually, I disagree vehemently that it is 'security through
> obscurity'...

I'd disagree with your disagreement.

There are two usages of the phrase, the first is very disparaging and the
second is simply descriptive. I'm using the second meaning.

Changing the ssh port (and even crypto keys on DVDs) is just a
brain-dead approach, we agree on that. We rightfully rip a new one to
people advocating doing this.

Changing the character set; well that's quite clever actually. You have
a decent security strength underneath it and add an extra layer to
increase the entropy even more (sort of like salting a hash). If an
attacker figures out you're doing it, it won't be hard to undo it, then
only to be faced with a *much* harder problem.

So it's just a description, not an insult. Don't read it as such.

> 
> It would be next to impossible to 'guess' what changes to any given 
> character set any one person randomly chose to make (ie, adding one 
> additional '!' character in the middle of the character set in
> between 'r' and 's') totally changes the resulting passwords that use
> that character set.
> 
> This is nothing like changing the port for SSH - a port scanner can 
> figure that one out in seconds...
> 
> The fact is, there is *no* 'perfect' security measure, but
> Passwordmaker is as close to one that I have found for managing
> passwords (both online, and not)...
> 



-- 
Alan McKinnnon
alan.mckin...@gmail.com
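
The effect argued over in this thread, as an added example that is not part of the original messages and is not PasswordMaker's own algorithm: a simplified model (assumed here: HMAC-SHA256 of the site name keyed with the master password, re-encoded in the chosen character set) showing that inserting '!' between 'r' and 's' changes the generated password, and that someone who recovers the custom set still has to guess the master password. The function names, master password and site name are constructed for illustration.

```python
import hashlib
import hmac
import string


def derive(master: str, site: str, charset: str, length: int = 12) -> str:
    """Simplified model (assumption, not PasswordMaker's algorithm):
    HMAC-SHA256(site) keyed with the master password, then the digest is
    written out digit by digit in base len(charset)."""
    digest = hmac.new(master.encode(), site.encode(), hashlib.sha256).digest()
    n = int.from_bytes(digest, "big")
    out = []
    for _ in range(length):
        # Each step peels off one base-N digit and maps it to a character.
        n, digit = divmod(n, len(charset))
        out.append(charset[digit])
    return "".join(out)


def insert_after(charset: str, anchor: str, extra: str) -> str:
    """Return charset with `extra` inserted right after `anchor`."""
    i = charset.index(anchor) + 1
    return charset[:i] + extra + charset[i:]


DEFAULT = string.ascii_lowercase + string.digits
CUSTOM = insert_after(DEFAULT, "r", "!")  # '!' between 'r' and 's'


def demo():
    master, site = "constructed-master-password", "example.org"  # constructed
    plain = derive(master, site, DEFAULT)
    tweaked = derive(master, site, CUSTOM)
    # Someone who has worked out CUSTOM but not the master password
    # still derives something unrelated.
    wrong_master = derive("constructed-wrong-guess", site, CUSTOM)
    return plain, tweaked, wrong_master


if __name__ == "__main__":
    for label, value in zip(("default set", "custom set", "wrong master"), demo()):
        print(f"{label:13} {value}")
```

The base changes from 36 to 37 as well as the mapping, so every digit of the encoding shifts rather than only the positions that would have landed on 's' or later.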

