<nettime> "Pirate Utopia," FEED, February 20, 2001
David Honig
honig at sprynet.com
Tue Sep 25 11:32:05 EDT 2001
At 09:13 AM 9/25/01 -0500, Matt Crawford wrote:
>> That's an excellent point, but: if you were smart enough to use stego
>> for real, wouldn't you be smart enough to pick a good password?
>
>If I hand my users some security package and say "use this", that
>doesn't make them any smarter or dumber than they were yesterday.
True. But they hired *you*, and you know your stuff, which makes *them*
smarter
than your average doorknob.
You'd instruct them on secure behaviors (no beards, carry liquor; burn your
silks
and flush them immediately; take a original digphoto or scan something
yourself
for stego) and make sure they practiced them. Well.
Similarly for passwords, of course.
As Leo Marks (_Between Silk & Cyanide_) wrote, some folks perform better
with a deep understanding of *why* (e.g., what happens if you use a OTP
twice),
others do better through superficial 'ritualistic' practice.
dh
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list