Even Russian spies have absurd password requirements

Security by Dave Naffziger on June 30, 2010 at 10:48 pm

From this fascinating CNET article on a few of the techniques that the Russian spies used to exchange data:

…the steganographic program was activated by pressing control-alt-E and then typing in a 27-character password, which the FBI found written down on a piece of paper during one of its searches.

While online passwords never need to be this complex - centralized management can prevent brute-force attack. Arguably, longer passwords are more important for local software (that can be stolen, then brute-forced). In fact, the leading theories on the ‘cracking’ of the wikileaks video suggest that they brute-forced the password that unlocked the encrypted contents.

A 27 character password certainly makes brute-forcing the password impossible. But human nature, even to extremely well-trained spies is to write things like this down.

Related Posts

This website uses IntenseDebate comments, but they are not currently loaded because either your browser doesn't support JavaScript, or they didn't load fast enough.

0 Comments »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a comment

Comments for this post will be closed on 28 October 2010.

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License. | Dave Naffziger’s Blog | Dave & Iva Naffziger