3 Feb
2015
3 Feb
'15
5:37 p.m.
On Tue, Feb 3, 2015 at 11:20 AM, Scott Robbins scottro@nyc.rr.com wrote:
I don't think anybody is missing anything. "Palindrome" in this context may not be limited to real words; the author may be suggesting that you not pick your password by picking a real word and tacking on its reverse to make a palindrome, e.g., "password1drowssap".
Ah, that makes sense then, thanks.
I think the intent is: "Don't use a password likely to be included in the list that an attacker would try". Of course if services would rate-limit the failures by default or at least warn you about repeated failures and their source, brute-force attacks would rarely succeed. But fixing the problem doesn't seem to be the point here.
--
Les Mikesell
lesmikesell@gmail.com