RE: Encryption Challenge
June 20, 2012 at 7:14 pm
(This post was last modified: June 20, 2012 at 7:17 pm by Angrboda.)
(April 29, 2012 at 5:19 pm) Cthulhu Dreaming Wrote: (April 29, 2012 at 5:11 pm) Tiberius Wrote: Sure, but the first rule of security is to assume that an attacker knows as much about your system as possible, since they can always figure it out in the end. The point of a secure system is that it is secure even if the attacker knows how it works (since the real security is in the password / key).
^^^ This ^^^
Aka, "Security through obscurity is no security."
Generally it's best to avoid regular words or names. But I'm the same way. I like to think my passwords are more secure because I use a mix of numbers and Chinese and Japanese words, but the fact is, a good dictionary will include more than one language.
I've started buying eBooks from Barnes & Noble, and I kept getting login failures, with the message that this email address and password isn't associated with an account, forcing me to call support. I did that, and we reset the password successfully. The next time I went to log in, I got the same thing again. So I call up support again, reset the password, and it doesn't take again. So the rep asks me how long my password is. I count it up and tell her that it's 14 characters. She tells me that it needs to be 6-10 characters. No warning. No check that the password needs to be that length. And two calls to support to figure it out. I was so mad.