Stay Current And Ahead

Synopsis: Stay current or ahead.

Attacks are ever-changing, and even the patterns in this language may get out of date or constitute bad advice in an ever-changing and evolving security and technology context. Thus, no scheme is perfect. However, many times, an attack may not be directed specifically at you or your accounts, but it may be geared towards gaining access to a system in general, and for the attacker, another person's account is as good as yours.

Therefore, stay current with respect to password attacks and what crackers do to gain knowledge. Choose your password scheme to be more difficult to crack than the average. This way you reduce the likelihood that you fall prey to an attack before some other account is cracked. How your password scheme relates to the average depends on your security needs. To say it with Andy Grove: Only the paranoid survive.

Previous pattern: Security Context
Next pattern: Lay It Open

Contributors: Dirk Riehle, Joe Bergin

Is this pattern really just about being more complicated than usual? The idea of staying ahead of the pack implies an awareness of what's current, in particular about crackers' strategies for breaking passwords and the like. -- EugeneWallingford

Yes, I agree. Do you think this makes this pattern invalid? -- DirkRiehle

Not necessarily. You could broaden the pattern to address both complexity and current technique, which may result in a new pattern downstream. You could create separate patterns to deal with complexity and techniques. Or you could decide to maintain this pattern's focus on complexity, perhaps expanding on it, and simply choose a more representative name. -- EugeneWallingford

Not sure what you mean. I renamed the pattern, but I'm still not happy. The key issue is simply to detract attackers by letting them suspect/have easier prey some place else. -- DirkRiehle

There exists a very old method to hide important information. It was used by wise men to inform others. They used stories, which referred to daily events, but hidden in them was information for the knowledgeable persons. This method was used by the Sufis for instance. Using modern computer technology one could use a large piece of text and put into it the information, which one wants to hide. The algorithm for hiding could be very simple. -- AnonymousContributor

Copyright (©) 2005 Dirk Riehle and Joe Bergin. Some rights reserved. (Creative Commons License BY-NC-SA.) Original Web Location: http://www.riehle.org