People pick lousy passwords

• Best solution: don’t let them

  • Computer-generated keys are held in smart keys, USB dongles, etc.

• Don’t allow dictionary attacks on passwords, password-derived keys, PINS

  • This means that on-line authentication servers are needed…if you can crack something offline, it becomes a game of sniff-and-crack

Previous slide

Next slide

Back to first slide

View graphic version