trojan problem (password protection)
Michael T. Richter
ttmrichter at gmail.com
Fri Jan 27 14:32:09 UTC 2006
On Fri, 2006-27-01 at 13:19 +0200, Billy Verreynne (JW) wrote:
> > Use a decent password management system (strongly encrypted)
> > and it's not an issue.
> But then that is a case of all eggs in a single basket. If that vault
> is compromised, then all your accounts are wide open to attack.
Fair enough. I'm paranoid enough to make sure that it's not going to be
easily compromised and on top of that the keys are kept on my physical
person in external storage.
> It is also much easier to attack the vault from a social engineering
> and technical perspective - especially as the vault (usually) resides
> locally on Mr/Mrs User PC. A very vulnerable environment...
Hence its existence on a USB key on my person. ;)
> Not saying that the vault (aka wallet method) is not a working
> solution. But we must realise that the whole password authentication
> model is severely flawed.
Agreed. But since it's what we've got to deal with, it's what we have
to deal with. Easily memorised passwords are easily cracked. Writing
passwords down is seriously brain-damaged (I had this debate with a
policeman of my acquaintance). The wallet system is the best we've got
short of biometrics becoming widely used.
--
Michael T. Richter
Email: ttmrichter at gmail.com, mtr1966 at hotpop.com
MSN: ttmrichter at hotmail.com, mtr1966 at hotmail.com; YIM:
michael_richter_1966; AIM: YanJiahua1966; ICQ: 241960658; Jabber:
mtr1966 at jabber.cn
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20060127/76f7104a/attachment.sig>
More information about the ubuntu-users
mailing list