
Re: Continuous brute force attempt from own server !!! (OT question)



On Tue, Jul 30, 2013 at 12:19 AM, Chris Bannister <cbannister@slingshot.co.nz> wrote:
On Mon, Jul 29, 2013 at 11:26:17PM +0900, Joel Rees wrote:
>
> Do you mean actually recycled? Or are you thinking of one-time pads?

Not really.

Umm, what about:
http://www.logicalsecurity.com/resources/whitepapers/Cryptography.pdf

"... We'll cite two kinds of rotation ciphering machines: the Jefferson
disk and the ..."

And the term "rotation" crops up in the actual ciphering technique, e.g.
http://en.wikipedia.org/wiki/Caesar_cipher

"... For instance, here is a Caesar cipher using a left rotation of
three places, equivalent to a right shift of 23 (the shift parameter is
used as the key): ..."

And as the technology "evolved" the terminology did not and got infused
into modern technology.

Yeah, that possibility occurred to me, too.
 
E.g. "Hey Barman, can you put that on the slate mate." :)

I'm not sure if my reasoning is accurate or not, but it sounds darned
good to me. :)

So much of our reasoning is post-facto rationalization. It's important to recognize that a reasonable interpretation is not necessarily an accurate description of events, even when it may be an informative interpretation.

--
"If you're not careful, the newspapers will have you hating the people
who are being oppressed, and loving the people who are doing the
oppressing." --- Malcolm X

And I find myself puzzling over whether re-cycling a password by running it through an encryption device and using the encryption result as the new password is better or worse than using a random password generator.

Obviously, systemizing the process would set up a huge vulnerability, relative to former employees and others who might get access to the process and historical passwords.

On the other hand, picking a different encryption or even just a different encryption key at random would defeat the attempt to re-construct the generation chain.

If there were some need to be able to re-create the sequence of passwords, it might be useful, and it might be considered less exposing than leaving the old passwords in some closely guarded database.

(And having to think that deeply about such things is usually an indication of structural problems in the organization. And then there is the question of whether that particular organization should try to fix the structural problems or should try to get along with partial remedies. And so it goes.)

If rotating stock as a metaphor helps the sales crew to understand the necessity of regularly changing passwords, I'd use it as a metaphor.

--
Joel Rees
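As an added illustration of the trade-off Joel describes above (not code from the thread or from any project mentioned in it), the following models "recycling" a password through a fixed keyed process against generating it at random. The helper names, the HMAC-SHA256 derivation, and the seed and key values are all constructed assumptions.

```python
import hashlib
import hmac
import secrets


def derive_next(previous: str, key: bytes) -> str:
    """Deterministic recycling: the next password is a keyed hash of the previous one.
    HMAC-SHA256 stands in for whatever 'encryption device' the process would use."""
    digest = hmac.new(key, previous.encode(), hashlib.sha256).hexdigest()
    return digest[:16]


def password_chain(seed: str, key: bytes, steps: int) -> list:
    """Systematised process: one fixed key, every password derived from the last."""
    chain = [seed]
    for _ in range(steps):
        chain.append(derive_next(chain[-1], key))
    return chain


def password_chain_fresh_keys(seed: str, steps: int) -> tuple:
    """Same derivation, but a random key is drawn for every step; returns (chain, keys).
    Re-creating the sequence now needs every per-step key, not just one old password."""
    chain, keys = [seed], []
    for _ in range(steps):
        key = secrets.token_bytes(32)
        keys.append(key)
        chain.append(derive_next(chain[-1], key))
    return chain, keys


def random_password(nbytes: int = 12) -> str:
    """Independent generation: no password says anything about the next."""
    return secrets.token_urlsafe(nbytes)


def chain_is_reconstructible(observed: str, key: bytes, later: list) -> bool:
    """Audit check: does one historical password plus the fixed process regenerate
    every later password? True is the exposure the thread warns about."""
    current = observed
    for expected in later:
        current = derive_next(current, key)
        if current != expected:
            return False
    return True
```

With a fixed key the check returns True for the whole history, which is the property that makes the historical passwords and the process as sensitive as the live password; with fresh per-step keys or a random generator it returns False.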
