I posted this elsewhere back in February 2016, when the FBI was attempting to force Apple to develop software to break the security of the iPhone.
[I have revised this to correct some errors. See the endnotes.]
There are people and governments that want to harm people in this country. They want to take your money, your property, or even your life. There are people who want to use force to overthrow the elected government and replace it with something more to their liking. This is the justification for spying and keeping secrets. People who threaten you and your country plot in secret, and the government – law enforcement  and the defense department in particular – have a duty to protect you. This is established in the Constitution and is so important that providing for a common defense is one of the very first things mentioned. To accomplish this mission we must spy on adversaries and even potential adversaries. The direct implication is that we must keep secrets, such as the identities of our spies and the means we use to spy. I believe this is all true and completely morally justifiable. I do not have any problem with the fact that the government must keep secrets, and nor should you.
The scope and lack of fundamental oversight of the NSA data collection program is poison to representative democracy. The statement “if you have nothing to hide, then you have nothing to fear” is the argument of the oppressor and tyrant, and apparently I need to explain why this is so. Continue reading “Secrets”
Our new book, Seven Deadliest Network Attacks, is finally out, and I have my copy. It is thin, but chock full of network attack goodness (I hope). Run out and get a copy and tell me what you think! The process of creating this book was quite painful, since it coincided with my changing jobs and relocating in two (or three) painful steps to a job that absolutely consumes all available cycles. I am grateful to my editors, co-authors, and family (who had to endure me doing most of the work at night) for not killing and/or replacing me.
How long are your passwords? Let’s say eight characters is the length. How many possibilities are there? Well, you can use any single-byte printable character (though I once used an escape key in an RS/6000 password; it worked, but isn’t a good idea everywhere), and any length from one to eight. Continue reading “Eight Character Passwords”