Re: Continuous brute force attempt from own server !!! (OT question)
On Tue, Jul 30, 2013 at 08:49:35AM +0900, Joel Rees wrote:
> And I find myself puzzling over whether re-cycling a password by running it
> through an encryption device and using the encryption result as the new
> password is better or worse than using a random password generator.
>
> Obviously, systemizing the process would set up a huge vulnerability,
Please, no neologisms. If you mean streamlining, then obviously you
would take that into account during the planning phase.
> relative to former employees and others who might get access to the process
> and historical passwords.
>
> On the other hand, picking a different encryption or even just a different
> encryption key at random would defeat the attempt to re-construct the
> generation chain.
>
> If there were some need to be able to re-create the sequence of passwords,
> it might be useful, and it might be considered less exposing than leaving
> the old passwords in some closely guarded database.
>
> (And having to think that deeply about such things ...
I believe it is called cost-benefit analysis. :)
> ... is usually an indication of structural problems in the organization.
Convincing/reasoning with the "powers that be" seems to be
another issue: :(
http://www.3news.co.nz/Whistleblowers-reject-Collins-hacker-label/tabid/1607/articleID/293669/Default.aspx
--
"If you're not careful, the newspapers will have you hating the people
who are being oppressed, and loving the people who are doing the
oppressing." --- Malcolm X