by tptacek 4695 days ago
I'm sorry, but I feel like I've had this pointless, silly debate my whole career, starting with comp.security.unix, continuing through my brief time working with OpenBSD and 90's Bugtraq, and through about a decade of helping startups with software security, and I've lost a lot of my patience for it.

Security is measured in dollars; it is about the cost you confront your adversary with. Chrome has sunk many millions of dollars into blunting attacks that cost 6, 7, sometimes 8 figures. You're up in arms about a security measure that would add pennies (if that) of attacker cost. Justin and his team (rightly) observe that in return for the pennies of extra effort the feature you're demanding would add, they also incur a real risk that users will feel safer leaving their accounts unlocked. As you've already acknowledged repeatedly, if they do that, it costs pennies to get all their passwords.

There are all sorts of stupid extra steps you can add to make things harder for computer-illiterate attackers to compromise your accounts. Like I said, you could also Base64-encrypt the passwords. Or ROT14 them. Or Base64 and ROT14 them. How about you turn that into a round function and write the Base64+ROT14 Feistel network? That'll surely dissuade someone, somewhere from capturing passwords.

You will no doubt be able to come up with a 4-paragraph response to this comment. In ~20 years, I've never been able to deliver a killing blow in this stupid debate.

2 comments

What are considered stupid extra steps by some, others may consider to be deciding factors for using a product or not. The user experience in this case requires a fix regardless of what you may consider a penny solution value. Ownership of the UE often means choosing penny solutions along the way.

You have completely missed the point. This issue does not relate to malicious attacks. It is about the intent required for a friend or co-worker to breach your trust.

Chrome lowers the barrier and makes access casual where other systems require a stronger level of intent. That's the problem. I have no idea why you are defending this behaviour.

So again: they should display an FBI warning, just like they do on DVD movies.

Securing the password page is not remotely similar to an FBI warning on a DVD.

One requires a bit of manual effort and thought to get over for the casual user, the other becomes ignored by the casual user.