[Cryptography] Possible reason why password usage rules are such a mess

Kent Borg kentborg at borg.org
Fri Nov 20 16:36:36 EST 2020


On 11/20/20 1:03 PM, Arnold Reinhold wrote:
>> On Nov 20, 2020, at 3:19 PM, Kent Borg <kentborg at borg.org> wrote:
>>
>> There are *so* many ways to build an insecure system, and there is *so* little regulation about the building of these systems. First, can we regulate our way out of this insecure mess? If we can, is this really where to start?
> One has to begin somewhere. And poor storage of password validation data is a major vulnerability. For starters, I am suggesting transparency and self-certification, not regulation.

Might be a start.

Though self-certification of what? Sounds like ISO standards or 
something. (I hope there isn't a "best practices" requirement of 
changing passwords every 30 days in there.)

Things are a mess; even some bad standards might be useful. Maybe for 
things such as just prompting people to survey what their systems 
consist of.

-kb