Monday, September 26, 2005

On the insecurity of passwords/passphrases these days

In a posting to the cryptography mailing list. Interesting statistics in the presentation. Update your threat models!

Folks might want to look at
the slides from a talk Christian Huitema gave at the Applications Area
at IETF63 this past week. Of particular interest is just how cheap it
is to brute-force a passphrase these days, especially if it's just used
as a cryptographic key with known plaintext (i.e., in challenge/
response protocols).

--Steven M. Bellovin,

No comments:

Post a Comment