Re: 2.4.22-pre7: are security issues solved?

From: root@mauve.demon.co.uk
Date: Wed Jul 23 2003 - 08:10:07 EST


>
> > > If I know your password is 7 characters I have a smaller
> > > space of passwords to search to just brute-force it.
> >
> > It's much smaller if you didn't know that it was at most 7 characters
> > long. However, if you did know the upper bound, or you were just
> > brute forcing all passwords starting from 1 character, then the
> > difference is relatively minor. This is because
<snip>
> One time passwords are much more secure.

Nope.
Changing password to a password of similar complexity every 10 seconds
doesn't make it much less likely to be guessed than a static password.
It may mean you can't guess it again, but you generally don't want
an attacker to even log in once.

One-time passwords, using a key generator, may be better for other
reasons, for example, more entropy than "31137" or other passwords that
users might pick, or be able to remember.




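The arithmetic behind the reply above, as an added example that is not part of the original message: it compares the chance that an online guesser succeeds at least once against a static password and against one that is redrawn from the same space before every attempt, then shows how much a larger space changes the result. The guess budget, the digits-only reading of "31137" and the 8-character generated code are assumptions chosen for illustration.

```python
import math
import random

def p_static(space, guesses):
    """Fixed password; guesser tries distinct candidates, never repeating one."""
    return min(guesses, space) / space

def p_rotating(space, guesses):
    """Password redrawn uniformly before each attempt, so attempts are independent."""
    return 1.0 - (1.0 - 1.0 / space) ** guesses

def simulate_rotating(space, guesses, trials, seed=0):
    """Monte Carlo check of p_rotating: fraction of runs with at least one hit."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        # The guess value is irrelevant when the secret is uniform; fix it at 0.
        if any(rng.randrange(space) == 0 for _ in range(guesses)):
            hits += 1
    return hits / trials

def entropy_bits(alphabet, length):
    """Entropy of a uniformly chosen string of the given length."""
    return length * math.log2(alphabet)

if __name__ == "__main__":
    budget = 1000                      # assumed number of login attempts allowed
    weak = 10 ** 5                     # "31137" read as 5 decimal digits (assumption)
    strong = 62 ** 8                   # assumed 8-char alphanumeric generated code

    print("same complexity, static  :", p_static(weak, budget))
    print("same complexity, rotating:", round(p_rotating(weak, budget), 6))
    print("simulated rotating (small space):",
          simulate_rotating(1000, 100, 2000), "vs", round(p_rotating(1000, 100), 4))
    print("entropy, 5 digits        :", round(entropy_bits(10, 5), 1), "bits")
    print("entropy, generated code  :", round(entropy_bits(62, 8), 1), "bits")
    print("generated code, static   :", p_static(strong, budget))
```

Rotation alone moves the success probability by well under one percent of its value; the several orders of magnitude come from the size of the space the secret is drawn from.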