Even Russian spies have absurd password requirements

Security by on June 30, 2010 at 10:48 pm

From this fascinating CNET article on a few of the techniques that the Russian spies used to exchange data:

…the steganographic program was activated by pressing control-alt-E and then typing in a 27-character password, which the FBI found written down on a piece of paper during one of its searches.

While online passwords never need to be this complex - centralized management can prevent brute-force attack. Arguably, longer passwords are more important for local software (that can be stolen, then brute-forced). In fact, the leading theories on the ‘cracking’ of the wikileaks video suggest that they brute-forced the password that unlocked the encrypted contents.

A 27 character password certainly makes brute-forcing the password impossible. But human nature, even to extremely well-trained spies is to write things like this down.

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License. | Dave Naffziger's BlogDave & Iva Naffziger