[LUAU] all your GPU are belong to us

Eric Hattemer hattenator at imapmail.org
Fri Oct 26 01:09:23 PDT 2007


Vince Hoang wrote:
> On 10/25/07, Jim Thompson <jim at netgate.com> wrote:
>   
>> If passwords weren't "dead" already, this (or having the botnet do it
>> on the CPUs) finished them.
>>     
>
>
> In a world where bank PINs are 4 numeric digits can you suggest practical
> alternatives? Biometrics are not mature enough. Two-factor authentication
> has existed for a long time but is not cost effective for the average
> consumer.
>   
The article talks about NTLM and PGP.  The answer is not passwords that
are more complicated; it is passwords that can't be anonymously
downloaded and cracked offsite.  It doesn't matter how crappy your
shadow password is if someone can only try an ssh attempt every 2
seconds or so.  NTLM passwords are freely available to any decent
cracker with a network connection to the Windows machine.  If your PGP
secrets are important, and you expect someone to get at them, you'd
better have a ridiculously large key.

-Eric Hattemer
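
Added example (not part of the original e-mail): a per-account attempt throttle at the post's "one attempt every 2 seconds" figure, with the worst-case keyspace time at that online rate next to an offline rate. The class and function names, the sample account and the offline rate of 1e9 guesses per second are assumptions made for illustration.

```python
# Added example: constructed values, not taken from the post.

class AttemptThrottle:
    """Per-account limiter: at most one checked attempt per interval."""

    def __init__(self, min_interval_ms=2000):
        self.min_interval_ms = min_interval_ms
        self._last_ms = {}  # account -> time of the last attempt that was checked

    def allow(self, account, now_ms):
        last = self._last_ms.get(account)
        if last is not None and now_ms - last < self.min_interval_ms:
            return False  # too soon: drop before the password is ever compared
        self._last_ms[account] = now_ms
        return True


def checked_attempts(throttle, account, window_ms, client_gap_ms):
    """Count attempts that reach the verifier when a client retries every
    client_gap_ms for window_ms (simulated clock, no sleeping)."""
    return sum(throttle.allow(account, t) for t in range(0, window_ms, client_gap_ms))


def worst_case_seconds(alphabet_size, length, guesses_per_second):
    """Time to try every candidate of the given length at a fixed guess rate."""
    return alphabet_size ** length / guesses_per_second


ONLINE_RATE = 0.5    # one attempt per 2 seconds, the figure used in the post
OFFLINE_RATE = 1e9   # ASSUMED offline guess rate against a copied hash (hypothetical)

if __name__ == "__main__":
    t = AttemptThrottle()
    print("checked in 60 s:", checked_attempts(t, "alice", 60_000, 10))
    for name, size, length in [("4-digit PIN", 10, 4), ("8 chars a-z0-9", 36, 8)]:
        on = worst_case_seconds(size, length, ONLINE_RATE)
        off = worst_case_seconds(size, length, OFFLINE_RATE)
        print(f"{name}: online {on:.3g} s, offline {off:.3g} s")
```

At the throttled rate the 10,000 possible 4-digit PINs are still covered in 20,000 seconds, so a secret that short also needs a cap on the total number of attempts.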



