[153610] in North American Network Operators' Group


Re: Dear Linkedin,

daemon@ATHENA.MIT.EDU (Owen DeLong)
Fri Jun 8 18:20:56 2012

From: Owen DeLong <owen@delong.com>
In-Reply-To: <DF1A4791-D9EB-4D52-923D-5972BFF5579F@gmail.com>
Date: Fri, 8 Jun 2012 15:17:25 -0700
To: Alec Muffett <alec.muffett@gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Jun 8, 2012, at 1:41 PM, Alec Muffett wrote:

>> PS: when security is hard, people simply don't do it. Blaming the victim
>> of poor engineering that leads people to not be able to perform best
>> practices is not the answer.
>
> Passwords suck, but they are the best that we have at the moment in terms of being cheap and free from infrastructure - see http://goo.gl/3lggk
>
> We've been in a bubble for the past few years, where Moore's law hardware had not quite caught up with the speed of SHA and MD5 password hashing throughput for effective brute force guessing; that bubble is well and truly burst.
>
> Welcome back to 1995 where the advice is to change your passwords frequently, because it has a half-life of usefulness imposed upon it from (a) day to day external exposure and (b) the march of technology - and keep your hashing algorithms up to date, too. See http://goo.gl/iL9EP for suggestions.
>
> Have a nice weekend,
>
> 	-a
>

Would it really be that hard to release a coordinated One-Time Password system that consumers could readily use across multiple sites?

Owen



