On 4/15/07, Dycedarg <darthvader1219(a)gmail.com> wrote:
> Mathematically speaking, this is flawed reasoning. A hacker, in order to
> obtain a password, has to hack the database to get it. This is obvious.

And false. Other attack lines would be key loggers and brute force
dictionary attacks, and since login is not encrypted it would be
possible to intercept the password in transit.

> All he would need to do is find a single admin account with a weak password, and
> obtain said password via his hacking. Seeing as there is no reason to assume
> that increasing the number of admin accounts would alter the ratio of
> accounts with strong passwords to accounts with weak passwords, increasing
> the number of accounts would not improve the chances of the hacker finding a
> weak account to hack. Simple math dictates that if the ratio of one thing to
> another in a given pile of things does not change, increasing the number of
> the things lying there will not improve your chances of picking the thing
> you want. If anything, the greater number of accounts would reduce the
> probability of finding one you want.

No. The problem is that you are assuming the cost of mounting 2
attacks is twice as great as mounting one attack. This is not the
case.

--
geni