[Cryptography] New SSL/TLS certs to each live no longer than 47 days by 2029
Kent Borg
kentborg at borg.org
Fri Apr 18 10:38:21 EDT 2025
On 4/18/25 9:46 AM, Peter Gutmann wrote:
> Kent Borg <kentborg at borg.org> writes:
>
>> I also saw Schneier once say that there is no need for password bullet
>> characters because shoulder-surfing is no longer a big problem. Except it is
>> *because* of obscured password typing that shoulder-surfing is no longer such
>> a problem.
> And it's entirely because I wear leopard-proof underwear that I've never been
> attacked by a leopard out in the street (although I did see one eating
> someone's face once).
Bravo, but on the flipside, not every preventative measure works. Did
you know that people who regularly wear parachutes are *far* more likely
to die jumping out of airplanes than are people who have never even put
on a parachute? Makes you think.
> Arguably, blanking passwords actually makes things worse because you never get
> to see the password you're typing, leading to both problems in memorising
> passwords that you never see and ease of exploitation by attackers when people
> mistype their passwords, don't realise it, and instead try various other
> passwords on the assumption that they've entered the wrong one for the site
> (both of those are from password studies, and there's several more problems
> that are created through password blanking).
Good points. I do think that user interfaces should have the option of
letting the user see what has been typed, but defaulting blind is still
good. I sometimes type my password into a text editor (providing a
specific pesky child I know isn't handy) so I can be sure I have typed
it correctly, and then I paste it into the
three-tries-and-we-break-things input.
That is part of why I am a fan of horse-stable-battery style login
passwords (https://xkcd.com/936/). They are real words and my fingers
know how to type real words, so they are easier to type blind. This
doesn't work so well with good encryption passphrases (which are
different from login passwords and need to be much longer--a shame no
one knows this), so they are always hard to type blind.
Recently I typed my password wrong and the second-chance web page
wouldn't let me type my whole password, because I suppose JavaScript
programmers use relatively short passwords. I had to go back to the
original page before the bank locked me out.
> The real reason why they're
> blanked is because it was done that way on ASR-33s more than half a century
> ago and is now a required part of the login ceremony,
Hmmm. I'm not sure modern programmers have such an appreciation of
history. If they did the Macintosh UI wouldn't have gone downhill over
the years. (How many copies of their excellent, old "User Interface
Guidelines" book still exist inside Apple? I suspect very few, and fewer
every time a few more geezers retire.) Yes, young programmers, like all
programmers, are very traditional, and this is traditional, but it is
also something pretty easy to reinvent. There *are* very good reasons
for blanking passwords (even if you might argue there are better reasons
not to).
> along with getting three
> guesses at your password which is something I've never been able to find the
> origin of.
From bank ATMs? A 4-digit PIN seems terribly insecure, if one doesn't
limit failed attempts, but not bad at all if one does. (I once had a
bank card with a 6-digit PIN, but they reverted to 4 digits. I suppose
"4" was too baked in around the world.)
-kb, the Kent who is glad he never scored a used ASR-33, they are big
and noisy, messy, apparently a pain to maintain, and not actually very
useful, even if they might be a lot of nostalgic fun.