[9487] in cryptography@c2.net mail archive
Re: "Pirate Utopia," FEED, February 20, 2001
daemon@ATHENA.MIT.EDU (David Honig)
Tue Sep 25 12:17:11 2001
Message-Id: <3.0.6.32.20010925083205.0090ce00@pop.sprynet.com>
Date: Tue, 25 Sep 2001 08:32:05 -0700
To: Matt Crawford <crawdad@fnal.gov>, David Honig <honig@sprynet.com>
From: David Honig <honig@sprynet.com>
Cc: Ray Dillinger <bear@sonic.net>, Nomen Nescio <nobody@dizum.com>,
cryptography@wasabisystems.com
In-Reply-To: <200109251413.f8PEDBm14176@gungnir.fnal.gov>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
At 09:13 AM 9/25/01 -0500, Matt Crawford wrote:
>> That's an excellent point, but: if you were smart enough to use stego
>> for real, wouldn't you be smart enough to pick a good password?
>
>If I hand my users some security package and say "use this", that
>doesn't make them any smarter or dumber than they were yesterday.
True. But they hired *you*, and you know your stuff, which makes *them*
smarter than your average doorknob.
You'd instruct them on secure behaviors (no beards, carry liquor; burn your
silks and flush them immediately; take an original digphoto or scan
something yourself for stego) and make sure they practiced them. Well.
Similarly for passwords, of course.
As Leo Marks (_Between Silk & Cyanide_) wrote, some folks perform better
with a deep understanding of *why* (e.g., what happens if you use a OTP
twice), others do better through superficial 'ritualistic' practice.
dh
---------------------------------------------------------------------
The Cryptography Mailing List