1994-07-06 - Re: Password Difficulties

Header Data

From: Phil Karn <karn@qualcomm.com>
To: kentborg@world.std.com
Message Hash: cae85a59413aad4795fe6d4a876c466333dbaf5129aba3cfb384e45df00ede67
Message ID: <199407060108.SAA12907@servo.qualcomm.com>
Reply To: <199407021952.AA21913@world.std.com>
UTC Datetime: 1994-07-06 01:08:42 UTC
Raw Date: Tue, 5 Jul 94 18:08:42 PDT

Raw message

From: Phil Karn <karn@qualcomm.com>
Date: Tue, 5 Jul 94 18:08:42 PDT
To: kentborg@world.std.com
Subject: Re: Password Difficulties
In-Reply-To: <199407021952.AA21913@world.std.com>
Message-ID: <199407060108.SAA12907@servo.qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain

>What do we do about a population which thinks a 4-digit PIN is secure?
>If people use their current ATM PINs--and a lot of computer users *do*
>when they are allowed--there will be problems: if we want privacy we
>had better figure out how to give everyone privacy.

There's a difference: as far as I know, ATM PINs can't be cracked
offline (somebody correct me if I'm wrong). The big problem here is
that you have to assume the attacker can do his thing offline. Require
an online trial for every test key and it becomes much easier to
detect this sort of thing.