Re: Repost of CompuServe Position on Passphrases
John Macko wrote:
> PASS PHRASES ARE INSECURE--One sometimes hears the argument that pass
> phrases are inherently insecure. Generally, there are three such
> arguments, all false.

Here is one of my objections to passwords.

I believe that the following are facts:

1) Many people send their passwords in the clear over the internet
   every day. Many of the protocols used on the internet use passwords
   sent in the clear, and lots of people (the majority?) use these
   protocols without underlying encryption such as SSL.

2) Many (most?) people reuse their passwords.

If someone snoops passwords from major sites on the internet that
use HTTP basic authentication, I believe that they will find a
significant percentage of people using the same password that
they use for your system.

--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.