[153590] in North American Network Operators' Group
Re: Dear Linkedin,
daemon@ATHENA.MIT.EDU (Alec Muffett)
Fri Jun 8 16:41:39 2012
From: Alec Muffett <alec.muffett@gmail.com>
In-Reply-To: <4FD260F2.7000407@mtcc.com>
Date: Fri, 8 Jun 2012 21:41:03 +0100
To: Michael Thomas <mike@mtcc.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> PS: when security is hard, people simply don't do it. Blaming the =
victim
> of poor engineering that leads people to not be able to perform best
> practices is not the answer.
Passwords suck, but they are the best that we have at the moment in =
terms of being cheap and free from infrastructure - see =
http://goo.gl/3lggk
We've been in a bubble for the past few years, where Moore's law =
hardware had not quite caught up with the speed of SHA and MD5 password =
hashing throughput for effective brute force guessing; that bubble is =
well and truly burst.
Welcome back to 1995 where the advice is to change your passwords =
frequently, because it has a half-life of usefulness imposed upon it =
from (a) day to day external exposure and (b) the march of technology - =
and keep your hashing algorithms up to date, too. See =
http://goo.gl/iL9EP for suggestions.
Have a nice weekend,
-a
