
Re: One-line password generator



On Fri 25 Aug 2017 at 11:55:01 -0500, Mario Castelán Castro wrote:

> On 25/08/17 11:51, Brian wrote:
> > However, users use passwords to log into accounts *online* and those
> > passwords are devised to withstand an *online* attack (of 100 tests per
> > second maximum(?)). This is the only aspect a user can completely
> > control and many make a good job of it. Passwords which are long and
> > have some complexity but are not a burden on the user or impossible to
> > memorise would withstand such an attack. (This leaves aside the defences
> > the site itself has in place).
> > 
> > A user has no control over what happens at the other end. Knowledge
> > about how data are stored and safeguarded will be sparse, so the user
> > will have to make a risk assessment about that; only time will tell
> > whether it is correct. What doesn't seem quite right (morally and
> > technically) is for it to be implied that the user should take some
> > responsibility for the site's (unknown) shortcomings.
> 
> Unless you have a good reason to think otherwise (e.g. *you* manage the
> web site and you know you are doing a good job), you should assume that
> the database with hashed passwords will leak without the system
> administrators noticing, and then an attack can be carried out offline.

The problem with assumptions is that they often do not reflect the truth
of a situation and predispose us to making recommendations which are not
in the best interests of other people.

-- 
Brian.
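As an added illustration of the online-versus-offline guess-rate point argued in the message above (this is not code from Brian's or Mario's posts, nor a published generator): a small uniform-random password generator next to the arithmetic for how long exhaustive search takes at the 100 guesses/second online rate quoted in the thread. The offline rate of 10^10 guesses/second is an assumption chosen for the comparison only; real offline rates depend entirely on the hash and hardware, which the user cannot know.

```python
import math
import secrets
import string

# Guess rates. ONLINE_RATE is the 100 tests/second figure quoted in the thread.
# OFFLINE_RATE_ASSUMED is an assumption for illustration only: an attacker
# with the leaked hash database and a fast unsalted hash can try orders of
# magnitude more guesses per second than any login form will accept.
ONLINE_RATE = 100
OFFLINE_RATE_ASSUMED = 10_000_000_000

# 94 printable ASCII characters excluding space.
PRINTABLE = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int, alphabet: str = PRINTABLE) -> str:
    """Draw each character independently and uniformly from `alphabet`
    using the OS CSPRNG (secrets), never random.choice."""
    if length <= 0:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size).
    This is the strength of the *generation process*, not of a human-chosen
    password that merely looks similar."""
    return length * math.log2(alphabet_size)


def expected_seconds(bits: float, guesses_per_second: float) -> float:
    """Expected time for exhaustive search: on average the attacker finds
    the password after trying half of the 2**bits possibilities."""
    return (2.0 ** bits / 2.0) / guesses_per_second


def describe(seconds: float) -> str:
    """Render a duration in seconds, days or years for a quick comparison."""
    year = 365.25 * 24 * 3600
    if seconds < 60:
        return f"{seconds:.1f} seconds"
    if seconds < year:
        return f"{seconds / 86400:.1f} days"
    return f"{seconds / year:.3g} years"


def report(length: int, alphabet: str = PRINTABLE) -> dict:
    """Entropy and expected crack time for one password length, at both
    the quoted online rate and the assumed offline rate."""
    bits = entropy_bits(len(alphabet), length)
    return {
        "length": length,
        "bits": bits,
        "online_seconds": expected_seconds(bits, ONLINE_RATE),
        "offline_seconds": expected_seconds(bits, OFFLINE_RATE_ASSUMED),
    }


if __name__ == "__main__":
    for n in (8, 12, 16):
        r = report(n)
        print(f"{n:2d} chars, {r['bits']:5.1f} bits: "
              f"online {describe(r['online_seconds'])}, "
              f"offline (assumed rate) {describe(r['offline_seconds'])}, "
              f"e.g. {generate_password(n)}")
```

The same password that would hold up for thousands of years against the online rate in the thread is searched in days or minutes at the assumed offline rate, which is exactly the gap the two posters disagree about: whether the user's risk assessment should budget for the second case.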

