Re: Security awareness (Re: Questions regarding using ciphers..)

Mok-Kong Shen (mok-kong.shen@stud.uni-muenchen.de)
Wed, 28 Apr 1999 11:04:34 +0200

• Next message: Robert Hettinga: "electronic cash payment system demo"
• Previous message: Wei Dai: "Re: (x * x) % y"
• In reply to: mok-kong shen: "Re: (x * x) % y"

Daniel J. Frasnelli wrote:

> The moral of the story is that password-based authentication
> is indeed a weak link in the chain, but it's certainly not the only one.
> A person may boast the most obfuscated passwords this side of the
> galaxy, but social engineering, pinhole video cameras, and covert
> channels can make short work of even the most complicated password.
> Intelligence and counterintelligence is a fun topic - the best defense
> is to remain alert and choose your moves carefully.

One can partition one's applications into a few groups, dependent
on the security level and nature of applications, and assign
passwords to them to be changed at appropriate intervals. Hence I
agree with you that remembering these few passwords shouldn't pose a
big memory problem. If one is using a number of machines, I suppose
a good way is to choose one to be at the top level of one's secrets
and arrange the access permits such that one can access from this
machine the other machines but not the other way round so that
forgetting a password of the other machines has an instant workaround
by the user himself.

M. K. Shen
http://www.stud.uni-muenchen.de/~mok-kong.shen/ (Updated: 12 Apr 99)

• Next message: Robert Hettinga: "electronic cash payment system demo"
• Previous message: Wei Dai: "Re: (x * x) % y"
• In reply to: mok-kong shen: "Re: (x * x) % y"