On 4/15/07, geni <geniice@gmail.com> wrote:
> No basic maths.
> Chance of admin password being acquired for any given admin is X. Now we have no reason to think that low activity admins have more secure passwords than active admins. So we will assume that the mean value of X will remain constant regardless of the number of admins.
> So the chance of an admin password being acquired = mean x*number of admins.

Mathematically speaking, this is flawed reasoning. A hacker, in order to obtain a password, has to hack the database to get it. This is obvious. All he would need to do is find a single admin account with a weak password, and obtain said password via his hacking. Seeing as there is no reason to assume that increasing the number of admin accounts would alter the ratio of accounts with strong passwords to accounts with weak passwords, increasing the number of accounts would not improve the chances of the hacker finding a weak account to hack. Simple math dictates that if the ratio of one thing to another in a given pile of things does not change, increasing the number of the things lying there will not improve your chances of picking the thing you want. If anything, the greater number of accounts would reduce the probability of finding one you want.