|
|
|
|
|
|
by hyperion2010
4145 days ago
|
|
|
The main issue is that attackers already have this data. They have a giant head start when when guessing passwords because just by looking at the username they can vastly reduce the search space. Whitehats and the public need to know how blackhats are reducing that search space. By making good faith publication and research on passwords risky (legally unattractive) we actively weaken security. I find it amusing that people find sharing password/username pairs questionable yet we don't seem to hold companies accountable when they loose millions of the things at once. Talk about a double standard. (RE: companies have lawyers and the little guy can get fucked for all anyone cares) |
|
|