Secure passwords?

Discussion in 'Computer Security' started by AV, Nov 30, 2005.

  1. AV

    AV Guest

    Which of these two passwords should be the most secure one:

    1. "Jag undrar vaad som aar ett sakert"

    2. "XVg6Gtzw"

    The first one is far more easy to understand for me since it is a
    somewhat incorrectly spelled sentence (in Swedish) whereas the other is
    8 very cryptic characters not easy to remember.

    To me it the first one seems much more secure since it has so many more
    characters and therefore should take far longer to bruce force than the
    other. Dictionary attacks should also be rather useless since the words
    are incorrectly spelled and also it is a sentence and not a word. The
    sentence with similar mispellings would in English be something like:

    "I wooonder what iss a secuure"

    So what are you opinions?
    AV, Nov 30, 2005
    #1
    1. Advertising

  2. AV

    nemo_outis Guest

    AV <> wrote in news:Hjnjf.39378
    $:

    > Which of these two passwords should be the most secure one:
    >
    > 1. "Jag undrar vaad som aar ett sakert"
    >
    > 2. "XVg6Gtzw"
    >
    > The first one is far more easy to understand for me since it is a
    > somewhat incorrectly spelled sentence (in Swedish) whereas the other is
    > 8 very cryptic characters not easy to remember.
    >
    > To me it the first one seems much more secure since it has so many more
    > characters and therefore should take far longer to bruce force than the
    > other. Dictionary attacks should also be rather useless since the words
    > are incorrectly spelled and also it is a sentence and not a word. The
    > sentence with similar mispellings would in English be something like:
    >
    > "I wooonder what iss a secuure"
    >
    > So what are you opinions?
    >




    My personal preference has always been for passphrases rather than
    passwords. Because of the peculiarities of human memory it is possible to
    remember a passphrase of much higher entropy than a password. For
    example:

    "A purple aardvark cavorts in a grotto of kumquat rinds."

    This sentence, while too short, has been chosen to illustrate the
    principle.

    One can then "harden" the passphrase in a number of ways, such as:

    Put two or three spaces between words and fill them with uncommon
    characters and numbers in some half-assed memorizable pattern. For
    instance:

    "A1)Purple2(aardvark*3cavorts&5in^8a%13grotto%21of$34kumquat#55rinds."

    (I used a very primitive pattern for illustration: top-row special
    characters and the - slightly mangled - Fibonacci numbers, both in
    order!)

    You might also capitalize following some non-standard pattern, such as
    the first and last letter of each word.

    "A1)PurplE2(AardvarK*3CavortS&5IN^8A%13GrottO%21OF$34KumquaT#55RindS."

    The nice thing about such passphrases is that they can often be
    "assembled" in the input window just as I did above, rather than entered
    directly in final form.

    Now the principle in choosing passphrases says that the passphrase should
    have (at least) as much entropy as the underlying algorithm (e.g., AES
    128). Here's some condensed theory:

    Choose words *randomly* (curb your prejudices and preferences!) from a
    word list. (The average use vocabulary of an English adult is 5000 words,
    the recognition vocabulary of a well-educated college graduate is perhaps
    50,000 words, and the Oxford contains somewhere around 500,000 words.)

    For good measure, do not count articles, prepositions, and the like in
    the word total. Ten words chosen *randomly* from a list of 10,000 would
    have a probability of 10000^10 or about 133 bits - that's the length of
    passphrase we need (about twice as long as my illustrative one).

    My fairly conservative policy (which has no theoretical support) is to
    assume that the hardening roughly compensates for the loss of entropy due
    to the regularity of the English sentence structure. Others may wish to
    credit it either more or less.

    Regards,
    nemo_outis, Nov 30, 2005
    #2
    1. Advertising

  3. AV

    ToYKillAS Guest

    AV wrote:
    > Which of these two passwords should be the most secure one:
    >
    > 1. "Jag undrar vaad som aar ett sakert"
    >
    > 2. "XVg6Gtzw"
    >
    > The first one is far more easy to understand for me since it is a
    > somewhat incorrectly spelled sentence (in Swedish) whereas the other is
    > 8 very cryptic characters not easy to remember.
    >
    > To me it the first one seems much more secure since it has so many more
    > characters and therefore should take far longer to bruce force than the
    > other. Dictionary attacks should also be rather useless since the words
    > are incorrectly spelled and also it is a sentence and not a word. The
    > sentence with similar mispellings would in English be something like:
    >
    > "I wooonder what iss a secuure"
    >
    > So what are you opinions?


    http://www.google.be/search?hl=fr&q=what is secure password&meta=
    maybe ???

    --
    #############################################################
    # http://users.teledisnet.be/web/ari01350/ToYKillAS.jpg #
    # -=- Der S├Ąger von St. Georg -=- #
    #############################################################
    ToYKillAS, Nov 30, 2005
    #3
  4. AV

    nemo_outis Guest

    "nemo_outis" <> wrote in
    news:Xns971E87AD52377abcxyzcom@127.0.0.1:

    ....
    > The nice thing about such passphrases is that they can often be
    > "assembled" in the input window just as I did above, rather than
    > entered directly in final form.

    ....


    A few things I forgot to add:

    "Assembling" a passphrase in an password input window can be severely
    hampered if the window is blanked with asterisks. Here's a trick: assemble
    the passphrase in the *user name* window and then cut and paste it to the
    password window (afterwards, go back and fill in the user name).

    For the theoretically inclined, the Shannon entropy of ordinary English
    sentences is about 1.2 to 1.4 bits per character. This gives an alternate
    method of calculating passphrase entropy.

    Regards,
    nemo_outis, Nov 30, 2005
    #4
  5. AV

    Rusty Guest

    #1 is weak, #2 is reasonably strong.

    Try here for a strength tester and some guidelines.
    http://www.securitystats.com/tools/password.php

    Ken


    "AV" <> wrote in message
    news:Hjnjf.39378$...
    > Which of these two passwords should be the most secure one:
    >
    > 1. "Jag undrar vaad som aar ett sakert"
    >
    > 2. "XVg6Gtzw"
    >
    > The first one is far more easy to understand for me since it is a somewhat
    > incorrectly spelled sentence (in Swedish) whereas the other is 8 very
    > cryptic characters not easy to remember.
    >
    > To me it the first one seems much more secure since it has so many more
    > characters and therefore should take far longer to bruce force than the
    > other. Dictionary attacks should also be rather useless since the words
    > are incorrectly spelled and also it is a sentence and not a word. The
    > sentence with similar mispellings would in English be something like:
    >
    > "I wooonder what iss a secuure"
    >
    > So what are you opinions?
    Rusty, Nov 30, 2005
    #5
  6. AV

    Guest

    nemo_outis <> wrote:
    > "nemo_outis" <> wrote in
    > news:Xns971E87AD52377abcxyzcom@127.0.0.1:
    >
    > ...
    >> The nice thing about such passphrases is that they can often be
    >> "assembled" in the input window just as I did above, rather than
    >> entered directly in final form.

    > ...
    >
    >
    > A few things I forgot to add:
    >
    > "Assembling" a passphrase in an password input window can be severely
    > hampered if the window is blanked with asterisks. Here's a trick: assemble
    > the passphrase in the *user name* window and then cut and paste it to the
    > password window (afterwards, go back and fill in the user name).


    Of course, this bypasses the very reason we have asterisks in password
    fields, the fact that anyone can look over your shoulder and see your
    password...

    Joachim
    , Nov 30, 2005
    #6
  7. AV

    nemo_outis Guest

    wrote in
    news:438e27a2$0$95882$:

    > nemo_outis <> wrote:
    >> "nemo_outis" <> wrote in
    >> news:Xns971E87AD52377abcxyzcom@127.0.0.1:
    >>
    >> ...
    >>> The nice thing about such passphrases is that they can often be
    >>> "assembled" in the input window just as I did above, rather than
    >>> entered directly in final form.

    >> ...
    >>
    >>
    >> A few things I forgot to add:
    >>
    >> "Assembling" a passphrase in an password input window can be severely
    >> hampered if the window is blanked with asterisks. Here's a trick:
    >> assemble the passphrase in the *user name* window and then cut and
    >> paste it to the password window (afterwards, go back and fill in the
    >> user name).

    >
    > Of course, this bypasses the very reason we have asterisks in password
    > fields, the fact that anyone can look over your shoulder and see your
    > password...
    >
    > Joachim
    >




    Call me crazy if you will, but I'm of the opinion that you should not be
    entering ANY password, whether asterisk protected or not, while someone is
    looking over your shoulder.

    Regards,
    nemo_outis, Dec 1, 2005
    #7
  8. AV

    Winged Guest

    nemo_outis wrote:
    > "nemo_outis" <> wrote in
    > news:Xns971E87AD52377abcxyzcom@127.0.0.1:
    >
    > ....
    >
    >>The nice thing about such passphrases is that they can often be
    >>"assembled" in the input window just as I did above, rather than
    >>entered directly in final form.

    >
    > ....
    >
    >
    > A few things I forgot to add:
    >
    > "Assembling" a passphrase in an password input window can be severely
    > hampered if the window is blanked with asterisks. Here's a trick: assemble
    > the passphrase in the *user name* window and then cut and paste it to the
    > password window (afterwards, go back and fill in the user name).
    >
    > For the theoretically inclined, the Shannon entropy of ordinary English
    > sentences is about 1.2 to 1.4 bits per character. This gives an alternate
    > method of calculating passphrase entropy.
    >
    > Regards,
    >
    >
    >

    While I agree with passphrase concept, I prefer tokens (smartcards).

    Some systems have limits as to usable PW length. Additionally since the
    system should lock after a short period of inactivity to prevent someone
    from entering system if a user leaves their terminal, it can be painful
    re-entering long passphrases. This does cause complaint. Storing very
    long and complex passwords on smartcards with unique passwords stored on
    the smartcard for each required system locks out possibility of
    dictionary attacks. This is further enhanced if your company servers
    lock password with 2 missed attempts (password "should" always be good
    but sometimes gurgles occur). This assists in log review if you see bad
    password attempts on accounts, as you shouldn't see many on any system.

    Meanwhile the user typically has to remember one short pin on their
    smartcard to access many systems. Of course the smart card locks with 3
    missed pin attempts and inevitably users do lock their cards, but this
    is relatively seldom. A 128k card holds an amazing number of
    credentials, more than enough for most mortals.

    Winged
    Winged, Dec 1, 2005
    #8
  9. AV

    nemo_outis Guest

    Winged <> wrote in
    news:2b86e$438e497c$45493f2f$:

    > nemo_outis wrote:
    >> "nemo_outis" <> wrote in
    >> news:Xns971E87AD52377abcxyzcom@127.0.0.1:
    >>
    >> ....
    >>
    >>>The nice thing about such passphrases is that they can often be
    >>>"assembled" in the input window just as I did above, rather than
    >>>entered directly in final form.

    >>
    >> ....
    >>
    >>
    >> A few things I forgot to add:
    >>
    >> "Assembling" a passphrase in an password input window can be severely
    >> hampered if the window is blanked with asterisks. Here's a trick:
    >> assemble the passphrase in the *user name* window and then cut and
    >> paste it to the password window (afterwards, go back and fill in the
    >> user name).
    >>
    >> For the theoretically inclined, the Shannon entropy of ordinary
    >> English sentences is about 1.2 to 1.4 bits per character. This gives
    >> an alternate method of calculating passphrase entropy.
    >>
    >> Regards,
    >>
    >>
    >>

    > While I agree with passphrase concept, I prefer tokens (smartcards).
    >
    > Some systems have limits as to usable PW length. Additionally since
    > the system should lock after a short period of inactivity to prevent
    > someone from entering system if a user leaves their terminal, it can
    > be painful re-entering long passphrases. This does cause complaint.
    > Storing very long and complex passwords on smartcards with unique
    > passwords stored on the smartcard for each required system locks out
    > possibility of dictionary attacks. This is further enhanced if your
    > company servers lock password with 2 missed attempts (password
    > "should" always be good but sometimes gurgles occur). This assists in
    > log review if you see bad password attempts on accounts, as you
    > shouldn't see many on any system.
    >
    > Meanwhile the user typically has to remember one short pin on their
    > smartcard to access many systems. Of course the smart card locks with
    > 3 missed pin attempts and inevitably users do lock their cards, but
    > this is relatively seldom. A 128k card holds an amazing number of
    > credentials, more than enough for most mortals.
    >
    > Winged




    You raise some very valid points. I suppose (depending on particular
    circumstances) security should be provided by a judicious blend of what
    you know (passwords or passphrases), what you possess (smartcards or
    equivalents), and who you are (biometrics).

    Regards,


    >
    nemo_outis, Dec 1, 2005
    #9
  10. AV

    nemo_outis Guest

    Winged <> wrote in
    news:2b86e$438e497c$45493f2f$:

    > nemo_outis wrote:
    >> "nemo_outis" <> wrote in
    >> news:Xns971E87AD52377abcxyzcom@127.0.0.1:
    >>
    >> ....
    >>
    >>>The nice thing about such passphrases is that they can often be
    >>>"assembled" in the input window just as I did above, rather than
    >>>entered directly in final form.

    >>
    >> ....
    >>
    >>
    >> A few things I forgot to add:
    >>
    >> "Assembling" a passphrase in an password input window can be severely
    >> hampered if the window is blanked with asterisks. Here's a trick:
    >> assemble the passphrase in the *user name* window and then cut and
    >> paste it to the password window (afterwards, go back and fill in the
    >> user name).
    >>
    >> For the theoretically inclined, the Shannon entropy of ordinary
    >> English sentences is about 1.2 to 1.4 bits per character. This gives
    >> an alternate method of calculating passphrase entropy.
    >>
    >> Regards,
    >>
    >>
    >>

    > While I agree with passphrase concept, I prefer tokens (smartcards).
    >
    > Some systems have limits as to usable PW length. Additionally since
    > the system should lock after a short period of inactivity to prevent
    > someone from entering system if a user leaves their terminal, it can
    > be painful re-entering long passphrases. This does cause complaint.
    > Storing very long and complex passwords on smartcards with unique
    > passwords stored on the smartcard for each required system locks out
    > possibility of dictionary attacks. This is further enhanced if your
    > company servers lock password with 2 missed attempts (password
    > "should" always be good but sometimes gurgles occur). This assists in
    > log review if you see bad password attempts on accounts, as you
    > shouldn't see many on any system.
    >
    > Meanwhile the user typically has to remember one short pin on their
    > smartcard to access many systems. Of course the smart card locks with
    > 3 missed pin attempts and inevitably users do lock their cards, but
    > this is relatively seldom. A 128k card holds an amazing number of
    > credentials, more than enough for most mortals.
    >
    > Winged




    You raise some very valid points. I suppose (depending on particular
    circumstances) security should be provided by a judicious blend of what
    you know (passwords or passphrases), what you possess (smartcards or
    equivalents), and who you are (biometrics).

    Regards,


    >
    nemo_outis, Dec 1, 2005
    #10
  11. AV

    Anonymous Guest

    nemo_outis wrote:

    > wrote in
    > news:438e27a2$0$95882$:
    >
    >> nemo_outis <> wrote:
    >>> "nemo_outis" <> wrote in
    >>> news:Xns971E87AD52377abcxyzcom@127.0.0.1:
    >>>
    >>> ...
    >>>> The nice thing about such passphrases is that they can often be
    >>>> "assembled" in the input window just as I did above, rather than
    >>>> entered directly in final form.
    >>> ...
    >>>
    >>>
    >>> A few things I forgot to add:
    >>>
    >>> "Assembling" a passphrase in an password input window can be severely
    >>> hampered if the window is blanked with asterisks. Here's a trick:
    >>> assemble the passphrase in the *user name* window and then cut and
    >>> paste it to the password window (afterwards, go back and fill in the
    >>> user name).

    >>
    >> Of course, this bypasses the very reason we have asterisks in password
    >> fields, the fact that anyone can look over your shoulder and see your
    >> password...
    >>
    >> Joachim
    >>
    >>

    >
    >
    > Call me crazy if you will, but I'm of the opinion that you should not be
    > entering ANY password, whether asterisk protected or not, while someone is
    > looking over your shoulder.


    The problem is that if you're building your passwords on screen in the
    clear, your shoulder is less effective in hiding them. It's a LOT easier
    for someone to see from further away.

    Your "user name" suggestion is a real security problem nemo. Not a good
    idea at all.
    Anonymous, Dec 1, 2005
    #11
  12. AV

    AV Guest

    That sounds very strange to me since the first one has so many more
    characters and has misspelled words.

    And shouldn't any secure login to anything only accept just a few
    attempts, e.g. three. To me it seems like if you just such a system (or
    application) then actually a rather short password should be rather
    safe. How likely is my "weak" passphrase below will be entered in three
    attempts? And after these three attempts you need to restart the
    application. How long time would it take for the fastest machine on
    earth today to brute force that passphrase?

    But again, I cannot understand that the first one is considered weaker
    than the second one. In TrueCrypt it is the opposite. You get a warning
    if the password/phrase is shorter than 20 characters. I suppose you
    could find other sites that are of opposite opinion?


    Rusty wrote:
    > #1 is weak, #2 is reasonably strong.
    >
    > Try here for a strength tester and some guidelines.
    > http://www.securitystats.com/tools/password.php
    >
    > Ken
    >
    >
    > "AV" <> wrote in message
    > news:Hjnjf.39378$...
    >
    >>Which of these two passwords should be the most secure one:
    >>
    >>1. "Jag undrar vaad som aar ett sakert"
    >>
    >>2. "XVg6Gtzw"
    >>
    >>The first one is far more easy to understand for me since it is a somewhat
    >>incorrectly spelled sentence (in Swedish) whereas the other is 8 very
    >>cryptic characters not easy to remember.
    >>
    >>To me it the first one seems much more secure since it has so many more
    >>characters and therefore should take far longer to bruce force than the
    >>other. Dictionary attacks should also be rather useless since the words
    >>are incorrectly spelled and also it is a sentence and not a word. The
    >>sentence with similar mispellings would in English be something like:
    >>
    >>"I wooonder what iss a secuure"
    >>
    >>So what are you opinions?

    >
    >
    >
    AV, Dec 1, 2005
    #12
  13. AV

    AV Guest

    Perhaps I could make a real world example here? I have heard that
    zip-passwords are easily cracked? Much easier than WinRAR? Anyway I
    could zip something with a "weak" passphrase and anyone are welcome to
    try to crack it? Because I think my mind needs to become convinced that
    is it really so weak :)

    AV wrote:
    > That sounds very strange to me since the first one has so many more
    > characters and has misspelled words.
    >
    > And shouldn't any secure login to anything only accept just a few
    > attempts, e.g. three. To me it seems like if you just such a system (or
    > application) then actually a rather short password should be rather
    > safe. How likely is my "weak" passphrase below will be entered in three
    > attempts? And after these three attempts you need to restart the
    > application. How long time would it take for the fastest machine on
    > earth today to brute force that passphrase?
    >
    > But again, I cannot understand that the first one is considered weaker
    > than the second one. In TrueCrypt it is the opposite. You get a warning
    > if the password/phrase is shorter than 20 characters. I suppose you
    > could find other sites that are of opposite opinion?
    >
    >
    AV, Dec 1, 2005
    #13
  14. "nemo_outis" <> wrote:

    > Call me crazy if you will, but I'm of the opinion that you should not
    > be entering ANY password, whether asterisk protected or not, while
    > someone is looking over your shoulder.


    The question is wether you'd actually notice somebody looking - Tempest-
    attacks exist, as do binoculars. Oh, and whatever became of that
    theoretical attack where somebody wanted to use the light reflected on
    the wall to read the screen?


    Juergen Nieveler
    --
    Man who scratch ass should not bite fingernails.
    Juergen Nieveler, Dec 1, 2005
    #14
  15. AV

    nemo_outis Guest

    Anonymous <none@invalid> wrote in
    news::

    ....
    >> Call me crazy if you will, but I'm of the opinion that you should not
    >> be entering ANY password, whether asterisk protected or not, while
    >> someone is looking over your shoulder.

    >
    > The problem is that if you're building your passwords on screen in the
    > clear, your shoulder is less effective in hiding them. It's a LOT
    > easier for someone to see from further away.
    >
    > Your "user name" suggestion is a real security problem nemo. Not a
    > good idea at all.




    You misunderstand me. If anyone is in a position to directly observe you,
    you should NOT beentering a password, whether blanked by asterisks or not.

    As I explain in a related post, physical security (including, obviously,
    freedom from direct observation) is the bedrock that all other security is
    built on. Absent it, all is in vain.

    Regards,
    nemo_outis, Dec 1, 2005
    #15
  16. AV

    nemo_outis Guest

    Juergen Nieveler <> wrote in
    news::

    > "nemo_outis" <> wrote:
    >
    >> Call me crazy if you will, but I'm of the opinion that you should not
    >> be entering ANY password, whether asterisk protected or not, while
    >> someone is looking over your shoulder.

    >
    > The question is wether you'd actually notice somebody looking - Tempest-
    > attacks exist, as do binoculars. Oh, and whatever became of that
    > theoretical attack where somebody wanted to use the light reflected on
    > the wall to read the screen?
    >
    >
    > Juergen Nieveler




    If you would not notice somebody looking (or other forms of surrepitious
    observation and/or recording) there is something desperately wrong, either
    with you or with your environment.

    I take it as axiomatic that physical security of the computing environment
    has been established before all else; otherwise all the other safguards, no
    matter how elegant, no matter how many bits of encryption they include, are
    a castle built on sand.

    If, however, rather than the computing environment being insecure, it is
    oneself who is oblivious, then, again, no technical tricks will rescue one
    from the consequences.

    Regards,

    PS Yes, there can be specialized circumstances where physical security is
    weak (e.g., at a public ATM) and asterisked passwords have some limited
    value, but, in general, asterisked passwords are mostly frippery. In a
    situation where they are not needed, they are an annoyance; in a situtation
    where they might be needed, they are grossly inadequate.

    And, further, there can be other situations intermediate between the two
    cases (e.g., firing up your laptop in an airport lounge). However, even
    here, asterisks would be a very feeble reed to rely on. No, secure the
    environment first - otherwise you are gambling on the adversary's absence
    or ineptitude, not the strength of your system. Like Russian roulette, it
    is a gamble that you may sometimes win, but that doesn't make it any less
    imprudent.
    nemo_outis, Dec 1, 2005
    #16
  17. nemo_outis wrote:

    > Anonymous <none@invalid> wrote in
    > news::
    >
    > ...
    >>> Call me crazy if you will, but I'm of the opinion that you should not
    >>> be entering ANY password, whether asterisk protected or not, while
    >>> someone is looking over your shoulder.

    >>
    >> The problem is that if you're building your passwords on screen in the
    >> clear, your shoulder is less effective in hiding them. It's a LOT easier
    >> for someone to see from further away.
    >>
    >> Your "user name" suggestion is a real security problem nemo. Not a good
    >> idea at all.

    >
    >
    >
    > You misunderstand me. If anyone is in a position to directly observe you,
    > you should NOT beentering a password, whether blanked by asterisks or not.


    Nobody misunderstood anything at all nemo, you're simply FOS. You offered
    a thoroughly brainless proposition and you'll no doubt display a lack of
    maturity that might allow you to simply say "Ooops! My Bad".

    >
    > As I explain in a related post, physical security (including, obviously,
    > freedom from direct observation) is the bedrock that all other security is
    > built on. Absent it, all is in vain.


    Fortunately for those of us who live and work in the real world, life
    isn't constrained to your Faraday lined underground bunker version of
    reality. We have things like open spaced work places and windows in our
    houses, which by some strange coincidence might let someone see what's
    typed on a screen but not a keyboard. Your clownish self indulgence fails
    miserably because those asterisks on our screens are *PART* of our
    physical security, silly boy.

    Please feel free to embarrass yourself as long as you like by trying
    to defend your "type your pass phrase in the user name box" assininity,
    nemo. It would be most amusing to a lot of people to see you ground into
    the dirt on something so stupid. :p
    Borked Pseudo Mailed, Dec 1, 2005
    #17
  18. AV

    nemo_outis Guest

    Borked Pseudo Mailed <> wrote in
    news::

    > It would be most amusing to a lot of people to see
    > you ground into the dirt on something so stupid. :p



    No, no, that's merely your ax to grind, since you're still smarting from
    the drubbibng you got last time.

    I'll stick with my assertion that physical security, including freedom from
    direct observation, is bedrock that cannot be dispensed with.

    Regards,
    nemo_outis, Dec 1, 2005
    #18
  19. nemo_outis wrote:

    > Borked Pseudo Mailed <> wrote in
    > news::
    >
    >> It would be most amusing to a lot of people to see you ground into the
    >> dirt on something so stupid. :p

    >
    >
    > No, no, that's merely your ax to grind, since you're still smarting from
    > the drubbibng you got last time.


    See, I knew you couldn't muster up the minimal level of mental maturity
    you'd need to just admit your "user box" stupidity was anything but.

    You go kiddo! Toss aside every bit of common sense and decades of real
    life practices in favor of rummaging through your thesaurus for a new word
    or two. Make you look like a real winner, huh?

    And by the by, what "last time" would you be referring to? What humorous
    bit of self preservation reflex is it that makes you believe I've ever
    done anything but read your amphigory with anything but amazement that you
    aren't verbally beaten about the head and neck more often? Until viewing
    this bit of faux-paux absurdity of course. Would it be the coincidence of
    posting methods, or some laughable attempt to gain ground by lumping all
    your adversaries into one place?

    Wither way, nemo, it's pathetic.

    >
    > I'll stick with my assertion that physical security, including freedom
    > from direct observation, is bedrock that cannot be dispensed with.


    Good. Then you'll agree that displaying what you type on screen where it
    will be physically less secure than if you merely typed it with no display
    or substituted meaningless symbols for letters is something that MUST be
    dispensed with.

    Thank you for this unwilling admission, and good day! :)

    >
    > Regards,
    Borked Pseudo Mailed, Dec 1, 2005
    #19
  20. AV

    nemo_outis Guest

    Borked Pseudo Mailed <> wrote in
    news::


    Yawn! You have now exhausted what little entertainment value you provided.
    And so.... PLONK!
    nemo_outis, Dec 1, 2005
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jim
    Replies:
    1
    Views:
    621
    =?ISO-8859-2?Q?Rafa=B3_=A3o=BFy=F1ski?=
    May 8, 2005
  2. Franklin

    How secure are passwords in TweakUI autologon?

    Franklin, Oct 21, 2004, in forum: Computer Security
    Replies:
    7
    Views:
    5,028
    rsergio
    May 7, 2010
  3. Replies:
    0
    Views:
    562
  4. Replies:
    0
    Views:
    615
  5. Pepijn Schmitz
    Replies:
    3
    Views:
    1,032
    VanguardLH
    Jun 7, 2009
Loading...

Share This Page