On Tue, Jul 30, 2013 at 08:49:35AM +0900, Joel Rees wrote:
> And I find myself puzzling over whether re-cycling a password by running it
> through an encryption device and using the encryption result as the new
> password is better or worse than using a random password generator.
>
> Obviously, systemizing the process would set up a huge vulnerability,

Please, no neologisms. If you mean streamlining, then obviously you would take that into account during the planning phase.

> relative to former employees and others who might get access to the process
> and historical passwords.
>
> On the other hand, picking a different encryption or even just a different
> encryption key at random would defeat the attempt to re-construct the
> generation chain.
>
> If there were some need to be able to re-create the sequence of passwords,
> it might be useful, and it might be considered less exposing than leaving
> the old passwords in some closely guarded database.
>
> (And having to think that deeply about such things ...

I believe, it is called cost benefit analysis. :)

> ... is usually indication of structural problems in the organization.

Convincing/reasoning with the "powers that be" seems to be another issue: :(

http://www.3news.co.nz/Whistleblowers-reject-Collins-hacker-label/tabid/1607/articleID/293669/Default.aspx

--
"If you're not careful, the newspapers will have you hating the people who are being oppressed, and loving the people who are doing the oppressing." --- Malcolm X