[Cryptography] Possible reason why password usage rules are such a mess
Kent Borg
kentborg at borg.org
Wed Nov 18 12:17:09 EST 2020
On 11/17/20 8:42 PM, Sven Semmler wrote:
> On 11/17/20 7:45 PM, Kent Borg wrote:
>> First, why should we trust that the user's machine that it is running
>> on is secure? People get infected by malware all the time.
> I agree that this is a giant problem, but it's not specific to the
> password manager. Once your machine is compromised a simple keylogger
> will quickly render any and all password strategies (including writing
> them down on paper) useless.
No, paper is still better than an all-eggs-in-one-handy-basket approach.
For the manual case a key logger still needs to catch each being
password used. Much less juicy target. Much harder problem for the attacker.
-kb
More information about the cryptography
mailing list