Open Source and information security mailing list archives
Message-ID: <20041020061553.WEYJ1249.fep10@avivraff>
From: avivra at 012.net.il (Aviv Raff)
Subject: Senior M$ member says stop using passwords completely!

If they crack it, they might be able to automatically change the password to a readable one.

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Todd Towles
Sent: Tuesday, October 19, 2004 10:42 PM
To: Pavel Kankovsky; full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] Senior M$ member says stop using passwords completely!

I was under the understanding that passwords of over 14 characters were stored with a more secure hash, therefore 14-character passwords were harder to crack, due to the more secure hash. Windows will create two different hashes for passwords shorter than 14 characters, I do believe.

Just use a non-printable character in your password and cracking is useless...if they crack it, they can't read what they cracked. ;)

> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Pavel Kankovsky
> Sent: Sunday, October 17, 2004 2:21 PM
> To: full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] Senior M$ member says stop using passwords completely!
>
> On Sat, 16 Oct 2004, Frank Knobbe wrote:
>
> > It's a nice recommendation of MS to make (to use long passphrases
> > instead of passwords). But I don't consider 14 chars a "passphrase".
> > Perhaps they should enable more/all password components to handle much
> > longer passwords/phrases.
>
> A passphrase consisting of 7 words and 12 bits of entropy per word
> is as guessable as a password with 14 characters and 6 bits of entropy
> per character. You get 84 bits of total entropy in both cases.
>
> The only advantage of passphrases is that lusers might find long
> random sequences of words easier to remember than long random
> sequences of characters.
>
> (But wait: 12 bits of entropy per word--this is equivalent to a
> uniform choice of one word out of 4096. 4 thousand? That might exceed
> an average luser's vocabulary by an order of magnitude! ;>)
>
> --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
> "Resistance is futile. Open your source code and prepare for assimilation."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html