[Discuss] password strength
Tom Metro
tmetro+blu at gmail.com
Mon Jul 29 17:16:42 EDT 2013
Richard Pieri wrote:
> There's a huge misdirection in that Ars article that you cite. It
> presumes that the attacker has the password database. Fact is, if an
> attacker can get the entire password database...then it doesn't
> matter how strong your password is.
Yes, true. (I thought of that as well, but there is a limit to how many
disclaimers and angles I can address in a posting without it starting to
read like a terms of service contract. :-) )
But as others have pointed out, the reason why this sort of an attack is
still relevant is that it is similar to an offline attack that could be
performed on your password safe or other encrypted files.
-Tom
--
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/
More information about the Discuss
mailing list