22 Oct 2004 yeupou   » (Master)

I've read an article on Netcraft about Microsoft recommending the use of passphrases instead of passwords.

The point being made is that "passwords are ridiculously easy to guess or crack", the only solution being increasing the length of the pass strings.

Isn't it obvious that doing so severely increases the pain for users of remembering passwords -- and so increases the risk of having passwords and the like stored in clear text somewhere? While I'm definitely not a security expert (not a computing expert anyway), it seems more sensible to me to encourage the use of systems with key-pair authentication. On all the servers I administer that run sshd, only keys with a passphrase permit access. I think it is the way to go. That said, if many servers follow this approach, it will be necessary to disallow ssh key pairs without a passphrase (because crackers will likely start by cracking users' home accounts to steal private keys first - and that would probably be even easier than cracking a well-monitored production sshd server that allows password ssh access).
