On 2015-02-03, Scott Robbins <scottro at nyc.rr.com> wrote:
> On Tue, Feb 03, 2015 at 01:53:45PM +0000, Timothy Murphy wrote:
>>
>> The first is "Don't use a palindrome"
>> which makes me wonder if the author knows the meaning of this word.
>> I suspect he/she thinks it means "a known word backwards".
>
> That's what I would call it (or phrase or sequence of numbers.) When I
> read your post, I thought I was missing something, but some cursory
> googling indicates that I'm right. What am I missing here?

I don't think anybody is missing anything. "Palindrome" in this context
may not be limited to real words; the author may be suggesting that you
not pick your password by picking a real word and tacking on its
reverse to make a palindrome, e.g., "password1drowssap".

--keith

--
kkeller at wombat.san-francisco.ca.us

On Tue, Feb 03, 2015 at 07:52:53AM -0800, Keith Keller wrote:
> On 2015-02-03, Scott Robbins <scottro at nyc.rr.com> wrote:
> > On Tue, Feb 03, 2015 at 01:53:45PM +0000, Timothy Murphy wrote:
> >>
> >> The first is "Don't use a palindrome"
> >> which makes me wonder if the author knows the meaning of this word.
> >> I suspect he/she thinks it means "a known word backwards".
> >
> > That's what I would call it (or phrase or sequence of numbers.) When I
> > read your post, I thought I was missing something, but some cursory
> > googling indicates that I'm right. What am I missing here?
>
> I don't think anybody is missing anything. "Palindrome" in this context
> may not be limited to real words; the author may be suggesting that you
> not pick your password by picking a real word and tacking on its
> reverse to make a palindrome, e.g., "password1drowssap".
>

Ah, that makes sense then, thanks.

--
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

On Tue, Feb 3, 2015 at 11:20 AM, Scott Robbins <scottro at nyc.rr.com> wrote:
>>
>> I don't think anybody is missing anything. "Palindrome" in this context
>> may not be limited to real words; the author may be suggesting that you
>> not pick your password by picking a real word and tacking on its
>> reverse to make a palindrome, e.g., "password1drowssap".
>>
>
> Ah, that makes sense then, thanks.

I think the intent is: "Don't use a password likely to be included in
the list that an attacker would try". Of course if services would
rate-limit the failures by default or at least warn you about repeated
failures and their source, brute-force attacks would rarely succeed.
But fixing the problem doesn't seem to be the point here.

--
Les Mikesell
lesmikesell at gmail.com
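
The two readings of "palindrome" discussed in this thread (a known word spelled backwards, and a word with its reverse tacked on), written out as a password-quality check. This is an added example and not code from any poster or from the tool whose message was being discussed; the wordlist, function names and the max_middle limit are assumptions made for illustration.

```python
# Constructed sample wordlist; a real check would load a full dictionary.
WORDS = {"password", "secret", "dragon", "letmein"}


def is_palindrome(s):
    """True if s reads the same in both directions (case-insensitive)."""
    s = s.lower()
    return len(s) > 1 and s == s[::-1]


def mirrored_word(s, words=WORDS, max_middle=2):
    """Return the word w if s is w + middle + reversed(w), else None.

    middle may be up to max_middle characters long; a length of -1 means
    the word and its reverse share one pivot character.
    """
    s = s.lower()
    for w in sorted(words, key=len, reverse=True):  # longest word first
        if s.startswith(w) and s.endswith(w[::-1]):
            middle_len = len(s) - 2 * len(w)
            if -1 <= middle_len <= max_middle:
                return w
    return None


def palindrome_findings(candidate, words=WORDS):
    """List the reasons a candidate password fails the palindrome rule."""
    s = candidate.lower()
    findings = []
    if is_palindrome(s):
        findings.append("palindrome")
    if s[::-1] in words:  # "a known word backwards"
        findings.append("reversed-word")
    w = mirrored_word(s, words)
    if w is not None:  # word with its reverse tacked on
        findings.append("mirrored-word:" + w)
    return findings


if __name__ == "__main__":
    for pw in ("password1drowssap", "drowssap", "Secret42terces", "level"):
        print(pw, palindrome_findings(pw))
```

"Secret42terces" is not a strict palindrome, yet it is built the same way as "password1drowssap", which is why the mirrored-word test is kept separate from the plain palindrome test.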