|
|
|
|
|
|
| |
| |
|
|
|
|
| |
| |
|
|
>> *sigh* Human kind depresses me...
>
> At times it does me as well. That's part of the curse of being smart;
> it's easy to see how idiotic most of the populace is. Of course, we're
> *all* idiots from time to time.
Worrying fact: 50% of the population has below-average intelligence. (!!!)
>> Pah. Humans are so predictable. You show me a strong password, I'll show
>> you a hidden paper note. ;-)
>
> You won't find a hidden paper note on *my* desk. I do actually have a
> background in security and systems administration, so I know not to do
> that.
Very, very few people are capable of coming up with strong passwords
that they can actually remember.
> Muscle memory is a wonderful thing.
...until you get your right arm chopped off. :-P
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Fri, 04 Jul 2008 12:03:55 +0100, Invisible wrote:
>>> a kernel-level debugger can see every octet of data in the machine's
>>> main RAM and swap file.
>>
>> Hmmm, so you've reversed your opinion on whether or not a memory dump
>> is useful? ;-) <scnr>
>
> Useful for trying to grab somebody's credit card number? Absolutely!
And how exactly do you propose to do that?
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Fri, 04 Jul 2008 12:06:01 +0100, Invisible wrote:
>>> *sigh* Human kind depresses me...
>>
>> At times it does me as well. That's part of the curse of being smart;
>> it's easy to see how idiotic most of the populace is. Of course, we're
>> *all* idiots from time to time.
>
> Worrying fact: 50% of the population has below-average intelligence.
> (!!!)
LOL, but mathematically sound. More worrying is the 80% who think
they're above average drivers.
>>> Pah. Humans are so predictable. You show me a strong password, I'll
>>> show you a hidden paper note. ;-)
>>
>> You won't find a hidden paper note on *my* desk. I do actually have a
>> background in security and systems administration, so I know not to do
>> that.
>
> Very, very few people are capable of coming up with strong passwords
> that they can actually remember.
Actually, if you teach them to use a mnemonic device to remember it, most
people actually can. It's just that they haven't been taught how to
remember something that seems random.
>> Muscle memory is a wonderful thing.
>
> ...until you get your right arm chopped off. :-P
It's fortunate I have a brain to back it up. I *have* actually typed
that password in one-handed - in fact, with one finger. I may even have
done so with my nose once just to see if I could. :-P
And I actually *did* type it on a screen in front of a class of college
students, too - none of them caught it or were able to remember it. Of
course, I told them what it was *after* clearing the screen.
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
> Very, very few people are capable of coming up with strong passwords
> that they can actually remember.
Especially when some stupid system forces you to change it every month.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
>> Very, very few people are capable of coming up with strong passwords
>> that they can actually remember.
>
> Especially when some stupid system forces you to change it every month.
...and this is bad because...?
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
>> Especially when some stupid system forces you to change it every month.
>
> ...and this is bad because...?
You try coming up with a different strong password every month, *and*
remembering it without writing it down. I doubt I'm the only user of this
system who needs to write the password somewhere. I wonder if security
would actually be improved by removing the 1 month expiry.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Fri, 04 Jul 2008 14:21:48 +0200, scott wrote:
>>> Especially when some stupid system forces you to change it every
>>> month.
>>
>> ...and this is bad because...?
>
> You try coming up with a different strong password every month, *and*
> remembering it without writing it down. I doubt I'm the only user of
> this system who needs to write the password somewhere. I wonder if
> security would actually be improved by removing the 1 month expiry.
There have been studies done that suggest that changes that are too
frequent reduce security for just this reason.
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
scott wrote:
> You try coming up with a different strong password every month, *and*
> remembering it without writing it down.
...I do this every month?
I mean, I guess it depends on how strong you consider to be "strong".
> I wonder if
> security would actually be improved by removing the 1 month expiry.
Perhaps making the expiry a little longer would help.
The idea of course is that the faster the password expires, the less
time a potential attacker has to try to crack your password. (And just
in case an attacker does eventually get your password, changing it puts
them back to square one.)
So I guess it's just a question of how long is "long enough".
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Jim Henderson wrote:
>
> On the flip side of that, it's the sysadmin's responsibility to act in a
> trustworthy way. I *always* had access to financial information, salary
> information, and the like, and I *never* *ever* abused my authority to
> see what my peers were making or find out how much the CEO was making. I
> honestly just didn't care - it's not as if knowing that is going to get
> me a raise anyways.
>
On a sysadmin job (or janitor, or any other really important
caretaker-job) there exists that little something called "work ethics".
> Jim
--
Eero "Aero" Ahonen
http://www.zbxt.net
aer### [at] removethiszbxtnetinvalid
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Jim Henderson wrote:
> On Fri, 04 Jul 2008 12:06:01 +0100, Invisible wrote:
>
>> Worrying fact: 50% of the population has below-average intelligence.
>> (!!!)
So... If we have 4 men, with intelligences 1, 8, 9 and 9, the average is
(1+8+9+9)/4=6,75, so 75% of men are more intelligent than average person
(who, if he existed, would be over 6 times as intelligent as the dumpest
one).
> LOL, but mathematically sound. More worrying is the 80% who think
> they're above average drivers.
Measuring a best driver is very relative. My opinion is that there's a
triangle, having endpoints of speed, economy and safety. If the car
won't move, you're safe and economic, but you're not getting anywhere.
If you'll take a risk, you'll lose safety and economy and gain speed.
And ie. when overtaking someone increasing speed might gain you safety,
but it'll reduce the economy. So basically you can't have 100% of all
three of them - increasing one decreases at least one other. People have
different *opinions* of what's the best placement on this map, ie. what
combination of the three they are heading for, so it's very easy to
think that "I'm better than the average" for 80+%, since the goal is
different. Who's the best driver for some (good speed, high safety,
average economy for example) is the worst driver for some (who would
prefer great economy, average safety and average speed).
In my opinion, five nines of safety (99,999%), average economy and
good/stable speed is the best spot to go for. But that's my *opinion*,
not The Only Real Truth.
--
Eero "Aero" Ahonen
http://www.zbxt.net
aer### [at] removethiszbxtnetinvalid
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |