[WikiEN-l] Major dysfunction in RfA Culture

[Dycedarg]

On 4/15/07, geni <geniice at gmail.com> wrote:

> No basic maths.
>
> Chance of admin password being acquired for any given admin is X. Now
> we have no reason to think that low activity admins have more secure
> passwords than active admins. So we will assume that the mean value of
> X will remain constant regardless of the number of admins.
>
> So the chance of an admin password being acquired = mean x*number of
> admins.
>

Mathematically speaking, this is flawed reasoning. A hacker, in order to
obtain a password, has to hack the database to get it. This is obvious. All
he would need to do is find a single admin account with a weak password, and
obtain said password via his hacking. Seeing as there is no reason to assume
that increasing the number of admin accounts would alter the ratio of
accounts with strong passwords to accounts with weak passwords, increasing
the number of accounts would not improve the chances of the hacker finding a
weak account to hack. Simple math dictates that if the ratio of one thing to
another in a given pile of things does not change, increasing the number of
the things lying there will not improve your chances of picking the thing
you want. If anything, the greater number of accounts would reduce the
probability of finding one you want.

-- 

Dycedarg