funsec mailing list archives
Re: While we're all trying to fix politics, economics, etc.
From: Rich Kulawiec <rsk () gsp org>
Date: Wed, 6 Feb 2013 09:12:39 -0500
On Tue, Feb 05, 2013 at 12:49:44PM -0500, Rich Kulawiec wrote:
I have a question. Please to consider the following candidate password: S.3-t=2ga+Zilg59CEkp4
Okay, I s'pose now I should explain why I asked that question. (But first: thanks for the comments!) I actually have that password committed to memory (via a mnemonic that's partly obscene, so I'll omit it here). So it's not open to PostIt attack, although admittedly keystroke logging would grab it just as easily as any other. So would rubber hose cryptography, so would other methods. The usage I'd intended for this was on a Yahoo account. I have a few of them that I use for mail/spam/phish/etc. test purposes: little controlled experiments involving exposing addresses in certain places and then waiting to see what shows up months or years later. (I've been doing this for a very long time with lots of freemail providers as well as with addresses associated with domains of my own.) I recently realized that one of those Yahoo accounts has a password that is inexcusably weak by contemporary standards, so I decided to change it to a much better one -- this one. Yahoo's web interface informs me that this password is weak: in fact, it informs me that it is as weak as it's possible to be and refuses to allow me to use it. It also refuses to allow me to use variations, including still-longer ones. It steadfastly rates them all as "weak". I find this puzzling. Now given that I was doing this exercise after a certain recent Sunday evening sporting competition involving a local franchise, I thought, well, maybe I'm just missing the obvious. I might still be. But I believe I'm now confused on a higher level, so I'll call that progress. ---rsk _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- While we're all trying to fix politics, economics, etc. Rich Kulawiec (Feb 05)
- Re: While we're all trying to fix politics, economics, etc. Valdis . Kletnieks (Feb 05)
- Re: While we're all trying to fix politics, economics, etc. Charlie Derr (Feb 05)
- Re: While we're all trying to fix politics, economics, etc. Jeffrey Walton (Feb 05)
- Re: While we're all trying to fix politics, economics, etc. Les Bell (Feb 05)
- Re: While we're all trying to fix politics, economics, etc. Valdis . Kletnieks (Feb 05)
- Re: While we're all trying to fix politics, economics, etc. Charlie Derr (Feb 05)
- Re: While we're all trying to fix politics, economics, etc. Paul Ferguson (Feb 05)
- Re: While we're all trying to fix politics, economics, etc. Blanchard, Michael (InfoSec) (Feb 05)
- Re: While we're all trying to fix politics, economics, etc. Jeffrey Walton (Feb 05)
- Re: While we're all trying to fix politics, economics, etc. Rich Kulawiec (Feb 06)
- Re: While we're all trying to fix politics, economics, etc. Blanchard, Michael (InfoSec) (Feb 06)
- Re: While we're all trying to fix politics, economics, etc. Valdis . Kletnieks (Feb 05)