[4160] in cryptography@c2.net mail archive
RE: PGP compromised on Windows 9x?
daemon@ATHENA.MIT.EDU (Walter Burton)
Mon Feb 8 13:55:00 1999
From: Walter Burton <wburton@pipestream.com>
To: Cryptography List <cryptography@c2.net>
Date: Mon, 8 Feb 1999 13:41:12 -0500
> -----Original Message-----
> From: Jay D. Dyson [mailto:jdyson@techreports.jpl.nasa.gov]
> Sent: Monday, February 08, 1999 12:08 PM
> To: Cryptography List
> Subject: RE: PGP compromised on Windows 9x?
>=20
>=20
> -----BEGIN PGP SIGNED MESSAGE-----
>=20
> On Mon, 8 Feb 1999, Tom Garner wrote:
>=20
> Sure, I wouldn't mind a confidence-check of some kind on my
> passphrases. I know my logic is fallible. But that does not mean I
> should surrender my choice to that of a programmer. Just a=20
> little *too* Orwellian for me, thanks.
PGP 5+ evaluates your passphrase quality as you enter it. It's nice.
What more do you need?
> > I'm sorry to sound a bit harsh, but I'm sick/tired of reading about
> > passphrases being weak, and passwords being weak, and there=20
> > is only one reason, that is our laziness.=20
Whatever. =C9lev=E9 drame.
> Laziness is part of nature. Everything follows the=20
> path of least resistance. About the only way to get around=20
> this sort of problem is not to restrict the cryptographic=20
> systems, but to encourage people to devise their own mnemonic=20
> strategies by which they...
The reason people use poor passphrases is because=20
A. The data they're protecting is not valuable enough to warrant due
dilligence.
B. They've never been burned. Once you get burned, you start picking
GREAT passphrases.
C. Both of the above.
The only way to got around that problem is to, well, not. Get around
it, that is. Seatbelt laws are stupid. =20
---
Walter S. Burton <mailto:wburton@pipestream.com>
For my PGP public key, send a message with the subject "get public =
key."
Fingerprint: 3E28 7C81 536C 92FE ED01 6B70 0E37 DB49 9F6C 8DF8
