Cracking Dead People's Passwords

Bill Stewart bill.stewart at pobox.com
Sat Jul 6 12:37:10 PDT 2002


One of the usual arguments for key escrow was always
"what if your employee dies and you can't get his data?"
Secret Sharing techniques are of course a better approach,
or at least storing sealed envelopes in company safes
as a much better approach than pre-broken crypto.
There've been a couple of stories in the press recently
where weak passwords also solved the problem.

One was a radio piece, I think NPR, about one of the companies
in the World Trade Center who'd lost their computer administrators
in the 9/11 attacks.  The remaining employees got together and
started telling stories about their co-workers - their interests,
their family members, where they'd gone on vacation, their dogs' names, etc.
They got most of the passwords.  (It was a piece about modern management
styles, and how in older hierarchical companies there'd be fewer
people who knew the new employees well enough to do that.)

The other was about the loss of the database of the personal
library collection of one of the main linguists studying one of
the two main Norwegian dialects.   It's now been cracked...

RISKS-FORUM Digest 22.13
  http://catless.ncl.ac.uk/Risks/22.13.html


