Re: confusion in ank.
- From: dkg-mit.edu@xxxxxxxxxxxxxxxxx (Daniel Kahn Gillmor)
- Date: Mon, 23 Apr 2007 13:07:05 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon 2007-04-23 11:52:36 -0400, Nicolas Williams wrote:
Password quality policies certainly shouldn't apply to randomly-
generated keys, but that does not mean that there cannot be a key
expiration policy.
i agree that it's worthwhile to support expiration policy for
randomly-generated keys. One could even argue for iteratively
applying password-quality policies to randomy-generated keys from a
pragmatic approach:
In the unlikely event the randomly-generated key happens to be
guessable by common tools (dictionary attacks, limited character
classes, etc), it's probably worth generating a new random key. While
this reduces the overall space of possible random keys, it does keep
the random keys out of the (admittedly tiny) space regularly probed by
the most common brute force attackers.
--dkg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/>
iD8DBQFGLOe3iXTlFKVLY2URAmTRAJ9eiJ2qnt5N22NhhMLE+8jQeD9U+QCffrXU
FuRYHsQwMjmsxx+7nDs3PxU=
=MNUn
-----END PGP SIGNATURE-----
________________________________________________
Kerberos mailing list Kerberos@xxxxxxx
https://mailman.mit.edu/mailman/listinfo/kerberos
.
- Follow-Ups:
- Re: confusion in ank.
- From: Russ Allbery
- Re: confusion in ank.
- From: Ken Raeburn
- Re: confusion in ank.
- References:
- confusion in ank.
- From: "Vipin Rathor"
- Re: confusion in ank.
- From: Russ Allbery
- Re: confusion in ank.
- From: "Vipin Rathor"
- Re: confusion in ank.
- From: "Kevin Coffman"
- Re: confusion in ank.
- From: Nicolas Williams
- confusion in ank.
- Prev by Date: Re: confusion in ank.
- Next by Date: Re: confusion in ank.
- Previous by thread: Re: confusion in ank.
- Next by thread: Re: confusion in ank.
- Index(es):
Relevant Pages
|
