- From: Jeff Weinstein <jsw@netscape.com>
- Date: Thu, 25 Jul 1996 03:33:42 -0700
- To: John Macko <jmacko@nisa.compuserve.com>
- CC: ietf-tls@w3.org
John Macko wrote: > PASS PHRASES ARE INSECURE--One sometimes hears the argument that pass > phrases are inherently insecure. Generally, there are three such > arguments, all false. Here is one of my objections to passwords. I believe that the following are facts: 1) many people send their passwords in the clear over the internet every day. Many of the protocols used on the internet use passwords sent in the clear, and lots of people (the majority?) use these protocols without underlying encryption such as SSL. 2) many (most?) people reuse their passwords. If someone snoops passwords from major sites on the internet that use HTTP basic authentication, I believe that they will find a significant percentage of people using the same password that they use for your system. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.
Received on Thursday, 25 July 1996 06:35:53 UTC