Re: A better way to think about passwords

2011-04-21 Thread Nicholas Cole
Isn't the real problem that *any* policy (suggested or enforced) reduces the complexity of guessing a password? The moment you start saying "pick three words separated by a space or dash" or "pick eight random letters" or the like you make it easier to attack a password. My employer insists on pas

Re: A better way to think about passwords

2011-04-21 Thread Robert J. Hansen
> In short: don't force a particular strategy on your users. Much > better to explain to users the general problem, and then leave it up > to them to pick a password. Historically speaking, this has shown not to work. I'll try to dig up the HCI references if people really want, but the gist of

Re: A better way to think about passwords

2011-04-21 Thread Jean-David Beyer
Robert J. Hansen wrote: >> In short: don't force a particular strategy on your users. Much >> better to explain to users the general problem, and then leave it >> up to them to pick a password. > > Historically speaking, this has shown not to work. I'll try to dig > up the HCI references if peo

Re: A better way to think about passwords

2011-04-21 Thread Devin Fisher
If you leave it up a user, they'll choose nothing, or the last four of the social. There should be criteria, but not public criteria. --Original Message-- From: Nicholas Cole Sender: gnupg-users-boun...@gnupg.org To: gnupg-users@gnupg.org Subject: Re: A better way to think about passwords

backend found

2011-04-21 Thread Renay Oshop
this may be know already, but I found this in today's Malware Bytes logfile Files Infected: c:\program files\GNU\GnuPG\gpgkeys_curl.exe (Backdoor.Bot) -> Quarantined and deleted successfully. c:\program files\GNU\GnuPG\gpgkeys_finger.exe (Backdoor.Bot) -> Quarantined and deleted successfully. c:\

Re: backend found

2011-04-21 Thread Robert J. Hansen
On 4/21/11 1:03 PM, Renay Oshop wrote: > this may be know already, but I found this in today's Malware Bytes logfile Don't panic. :) This is not a defect in GnuPG, but rather an infection by a piece of malware. Hopefully you'll be able to deal with the malware quickly and effectively. Good luc

Re: A better way to think about passwords

2011-04-21 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Thursday 21 April 2011 at 2:20:51 PM, in , Jean-David Beyer wrote: > I do not think it is entirely not wanting to be > educated. But if the education takes several hours a > week to keep up with and to administer my own > responsibilities i

Re: A better way to think about passwords

2011-04-21 Thread Jean-David Beyer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MFPA wrote: > Hi > > > On Thursday 21 April 2011 at 2:20:51 PM, in > , Jean-David Beyer wrote: > > >> I do not think it is entirely not wanting to be >> educated. But if the education takes several hours a >> week to keep up with and to administer