Date: Thu, 7 Apr 2016 22:40:58 +0200 From: "e@...tmx.net" <e@...tmx.net> To: passwords@...ts.openwall.com Subject: Re: Password creation policies >> The "password creation policy" concept is deeply MISLEADING. It confuses >> all our objectives and analytical tools with marketing and coercion. > > Blazing guns! Better arguments please. This is a real argument. The decomposition helps solving problems. Unrelated entities mixed into the topic -- do not. I phrased this point few weeks ago thusly: [the article] is written from a standpoint of a service provider and assumes "him" to influence users' password creation strategy -- this is an erroneous stance in and of itself. It conflates responsibilities! The password _guessing_ attacks constitutes a private "dispute" between the defender and the attacker while the mediator, the service provider, has its own huge pile of problems: how to deflect all the rest types of attacks -- and those must not be confused with the former. > We discuss anything related to passwords, including biometrics, 2SV, > 2FA, linguistics, statistics, psychology, math, crypto, voodoo, magical > unicorns and MASSIVE gpu clusters. And more! I do not call you to limit the scope of your discussion, I want to avoid confusion between "password choosing strategy" and "password creation policy" -- let's not substitute one discussion with another; they are not the same and the "policy problems" are apparently derivative to the "password problems". -Eugene.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.