On Sat 23 Dec 2017 at 10:25:10 +1300, Richard Hector wrote: > On 21/12/17 22:16, Curt wrote: > > On 2017-12-20, Richard Hector <rich...@walnut.gen.nz> wrote: > >> > >> On 21/12/17 02:02, Curt wrote: > >>> Also, I'm uncertain whether suppression of the asterisk-echo qualifies > >>> as "security by obscurity" > >> > >> I think most people accept that obscurity is quite reasonable for > >> passwords ... > >> > >> Richard > >> > > > > Wonderful, Dick, however, I was referring to the specific expression > > "security by (or through) obscurity," which denotes something else. > > > > https://en.wikipedia.org/wiki/Security_through_obscurity > > I'm aware of that concept. But making it harder to see the length of the > password makes it harder to guess the password, no? Which has got to be > good?
Definitely. Knowing the password is twenty characters reduces the time taken to guess it from ten billion years to an estimated five million years. -- Brian.
