| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: MarkC at mtbaker.wednet.edu (Mark Challender) Subject: Senior M$ member says stop using passwords completely! A simple passphrase -- Golfmakesyougomad! -- as a "password" will create a very difficult password to crack. Mark Challender, MCSE Network Administrator -----Original Message----- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Exibar Sent: Thursday, October 21, 2004 10:07 AM To: joe; full-disclosure@...ts.netsys.com Subject: Re: [Full-Disclosure] Senior M$ member says stop using passwords completely! I couldn't picture having to tell my users to type in a 256 character password. Let's make it force 20 uppercase, 20 symbols, 20 high-bit character, 20 numbers as well. Although it'll be hard to crack, it'll take three hours before they can log in once. and that's with 2 phone calls to the helpdesk to unlock their accounts after they entered their password wrong 3 times in a row. :-) Use a secure-ID key fob with a PIN, along with your usual Userid/password combination. You'll have a pretty secure login at that point. Exibar ----- Original Message ----- From: "joe" <mvp@...ware.net> To: <full-disclosure@...ts.netsys.com> Sent: Thursday, October 21, 2004 11:32 AM Subject: RE: [Full-Disclosure] Senior M$ member says stop using passwords completely! > Well I don't think anyone is saying that the issue is that 128 character > passwords are being easily hacked so I am not quite sure I understand your > point about 256 characters and why you mention it. People seem to dislike > passwords greater than 14 characters let alone entering passwords of 150 , > 200 , or 250 characters. To put it another way, if MS suddenly increased the > buffer to allow for hashing of passwords 1024 characters in size would you > push that MS was more secure based on that? I doubt it, I certainly > wouldn't. > > BTW, I tried the link someone previously gave with the password hash I > previously posted and it is well under 128 characters and the web site > reported: > > Password: not found! > > > joe > > > > -----Original Message----- > From: full-disclosure-admin@...ts.netsys.com > [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Eric Paynter > Sent: Monday, October 18, 2004 1:32 PM > To: full-disclosure@...ts.netsys.com > Subject: Re: [Full-Disclosure] Senior M$ member says stop using passwords > completely! > > On Sat, October 16, 2004 5:25 pm, Tim said: > > The reason for my post was to point out that Mr. Hensing doesn't > > appear to be a reliable source of information on the topic of > > passwords and hash security. > > I think that much became apparent when Mr. Hensing took sarcastic shots at > Linux security (e.g. "Attack easier targets like all those Linux boxes you > installed because its so much more secure . . ."). Funny thing is, Linux > supports up to 256 character passwords by default - twice as long as > Windows. > > -Eric > > -- > arctic bears - email and dns services > http://www.arcticbears.com > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists