Password Difficulties

[Phil Karn]

>What do we do about a population which thinks a 4-digit PIN is secure?
>If people use their current ATM PINs--and a lot of computer users *do*
>when they are allowed--there will be problems: if we want privacy we
>had better figure out how to give everyone privacy.

There's a difference: as far as I know, ATM PINs can't be cracked
offline (somebody correct me if I'm wrong). The big problem here is
that you have to assume the attacker can do his thing offline. Require
an online trial for every test key and it becomes much easier to
detect this sort of thing.

Phil