RE: Passwords in the Clear

Marc de Graauw:

| > If we consider this from an economical perspective, passwords in the clear
| > would be appropriate in cases where:
| > - the value of the protected information is nil for a malicious intruder;

John Cowan:
| I don't think that's an issue.  In most of the cases above, the information
| (or action, in the case of password-protected posting) is of some use to
| a malicious intruder, especially a motiveless one like a vandal.

You're quite right that in the cases you cite, and in current practice, this
is not an issue, but if an economical criterion is used as an architectural
principle, the first criterion must stay. If we for instance use
passwords-in-the-clear to protect transactions whose value is 0.001
dollar cents, and every Internet user occasionally uses this scheme, the case
fulfills the second criterion (the value of the transaction is very small
for me), but passwords-in-the-clear protection will miserably fail because
the sheer numbers make it worth attacking. Like spam, the very small value
of the individual spam email adds up to make it an economically viable
activity. Of course I should have written "monetary value"; the perceived
value of the joy of looking at information one is not supposed to see is not
much of an issue.

John Cowan:

| > - the damage of publication of the protected information is practically nil,
| > or at least very small, for the publisher.
| This is the real point (note that in the case of credit-card numbers,
| it's the client who is the "publisher").
| > Admittedly, most cases won't fulfil the second criterion, but some will.
| I think that most cases do, and that requiring all these cases to use
| secure authentication serves no one's interests except those who charge
| a lot of money for certificates of authentication.

I agree.


Received on Friday, 15 December 2006 08:35:59 UTC