Dear Linkedin,

Alec Muffett alec.muffett at gmail.com
Fri Jun 8 15:41:03 CDT 2012


> PS: when security is hard, people simply don't do it. Blaming the victim
> of poor engineering that leads people to not be able to perform best
> practices is not the answer.

Passwords suck, but they are the best that we have at the moment in terms of being cheap and free from infrastructure - see http://goo.gl/3lggk

We've been in a bubble for the past few years, where Moore's law hardware had not quite caught up with the speed of SHA and MD5 password hashing throughput for effective brute force guessing; that bubble is well and truly burst.

Welcome back to 1995 where the advice is to change your passwords frequently, because they have a half-life of usefulness imposed upon them from (a) day to day external exposure and (b) the march of technology - and keep your hashing algorithms up to date, too. See http://goo.gl/iL9EP for suggestions.

Have a nice weekend,

	-a



