Excerpts from internet.cypherpunks: 5-Apr-94 one small comment about a b.. by Bob Stratton@uunet.uu.ne
"tmp" == tmp <tmp@netcom.com> writes:
... tmp> unix passwords represent a reasonable amount of tmp> security. they prevent me from hijacking your account. more tmp> sophisticated levels exist.
I would take issue with this statement on its face. I refer you all to the recent House hearings on Internet Security, and the statements made by all of the panel members.
Note, he said *your* account. *My* password is immune to a dictionary attack, is yours. <Pause while everyone says "yes"> Now, people can choose their passwords, and you can choose a password that's easier to remember and harder to crack than a PIN number (or long distance number, or whatever). These recent hearings will alert (l)users to choose something other than "simple" ( <-- Ames ) as a password.
Reusable passwords are dead. Anyone who insists on using them is part of the problem, not part of the solution. If you won't do it for yourself, do it for your neighbors who will be attacked from your site.
Ummmm, yeah, or something. <reaches up, grabs a small piece of paper out of the air, unfolds it and reads what is written on it, looks up, and says "platypus."> Doncha love it when someone makes a claim like this, y'know, one that's so out there, so whacked, and doesn't back it up except with some limp attempt at coersion? I mean, I usually assume that people who can figure out how to send e-mail are intelligent enough to realize that people don't go for this sort of thing. I just don't get it. Shaking his head disappointedly, jer darklord@cmu.edu | "it's not a matter of rights / it's just a matter of war finger me for my | don't have a reason to fight / they never had one before" Geek Code and | -Ministry, "Hero" PGP public key | http://www.cs.cmu.edu:8001/afs/andrew.cmu.edu/usr25/jbde/