On 4/15/07, Dycedarg darthvader1219@gmail.com wrote:
Mathematically speaking, this is flawed reasoning. A hacker, in order to obtain a password, has to hack the database to get it. This is obvious.
And false. Other lines of attack would be key loggers and brute-force dictionary attacks, and since login is not encrypted it would be possible to intercept the password in transit.
All he would need to do is find a single admin account with a weak password, and obtain said password via his hacking. Seeing as there is no reason to assume that increasing the number of admin accounts would alter the ratio of accounts with strong passwords to accounts with weak passwords, increasing the number of accounts would not improve the chances of the hacker finding a weak account to hack. Simple math dictates that if the ratio of one thing to another in a given pile of things does not change, increasing the number of the things lying there will not improve your chances of picking the thing you want. If anything, the greater number of accounts would reduce the probability of finding one you want.
No. The problem is that you are assuming the cost of mounting 2 attacks is twice as great as mounting one attack. This is not the case.