| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: frank at knobbe.us (Frank Knobbe) Subject: Senior M$ member says stop using passwords completely! On Sat, 2004-10-16 at 09:46, Tim wrote: > Even if this was a new attack, a full rainbow table shouldn't be > possible against a secure hash. True if the hashes are salted. (with more than one byte please, otherwise they just use 256 DVDs :) > "Pass-phrase LENGTH, not complexity defeats these attacks." > > Not if your hashes are chunked like some (all?) of M$'s. Precomputed > chunks with a good lookup table defeats longer passwords. It's a nice recommendation of MS to make (to use long passphrases instead of passwords). But I don't consider 14 chars a "passphrase". Perhaps they should enable more/all password components to handle much longer passwords/phrases. Let me guess, that will all be fixed in Longshot. Cheers, Frank -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: This is a digitally signed message part Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20041016/5a4b3dce/attachment.bin
Powered by blists - more mailing lists