Some programs use passwords for access control, but do not protect the passwords in a very sophisticated manner (for example, by saving them in a file) or make determining the correct password very easy (for example, the Microsoft Word 5.0 encipherment scheme). The argument for using simple passwords and weak encipherment is that the data or programs being protected are of little value and the passwords give a small measure of privacy.
Given that what they are protecting is truly of little value, why is the use of such simple passwords and easily-broken encipherment bad?
ECS 153, Introduction to Computer Security Winter Quarter 2002 Email: [email protected] |