Friday, September 17, 2010

Strong Cryptography? Really?

About a year ago, I was working with a client who was trying to implement strong cryptography.

After multiple failed iterations, I explained that the cryptography had to be strong, meaning they had to use a robust encryption algorithm and an encryption key of sufficient length that it could not feasibly be broken through brute-force attacks.

The client's response: "We use a 14 character passphrase. Isn't that good enough?"

* facepalm *