[clug] [OT] all text passwords == secure?

Sam Couter sam at couter.id.au
Tue Aug 28 08:23:04 MDT 2012


steve jenkin <sjenkin at canb.auug.org.au> wrote:
> I like your example of 'diceware'.
> Seems useful, so thanks very much for the info.
> Even 5 words from a published 7500 word list would take a year or two to
> crack with modern machinery... Certainly sets you apart from the
> low-hanging fruit. Only Advanced Persistent Threats will go there.

I figure it's enough that the whack-him-with-a-wrench attack is more
likely, and I have very little defence against such an attack.

> As an aside, I still treasure an email from years ago when I asked
> someone not to send word-doc attachments when not necessary, as I then
> used a simple command-line mail reader as a protection against viruses
> and other nasties.

Did you know that pine and mutt have both been vulnerable to buffer
overrun attacks of the remote-code-execution kind? They have much
smaller attack surfaces than programs like Outlook just because of their
simplicity and lack of features, but they're by no means immune.
-- 
Sam Couter         |  mailto:sam at couter.id.au
OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 03AE DE89 C75C