On Wed, 3 Apr 2002, Nikhil D. Kikkeri wrote:
What about a birthday attack? a birthday attack seems to work against
anything that can correctly guess a password will work against any encryption. The task is to use an unguessable password so that brute force will be the only method that works. Then, pick an encryption scheme that makes even brute force impossible.
You still cannot protect against stupid users. People who write down their passwords on pieces of paper and stick these on the monitor, or worse, on the company bulletin board.
then, there's also social engineering.