| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <9E97F0997FB84D42B221B9FB203EFA27171F4D@dc1ms2.msad.brookshires.net> From: toddtowles at brookshires.com (Todd Towles) Subject: Senior M$ member says stop using passwords completely! Changing it is a option, but that is true for any password cracking. But of course changing the password makes your presence really known. > -----Original Message----- > From: Aviv Raff [mailto:avivra@....net.il] > Sent: Wednesday, October 20, 2004 1:16 AM > To: Todd Towles; 'Pavel Kankovsky'; full-disclosure@...ts.netsys.com > Subject: RE: [Full-Disclosure] Senior M$ member says stop > using passwords completely! > > If they crack it, they might be able to automatically change > the password to a readable one. > > -----Original Message----- > From: full-disclosure-admin@...ts.netsys.com > [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of > Todd Towles > Sent: Tuesday, October 19, 2004 10:42 PM > To: Pavel Kankovsky; full-disclosure@...ts.netsys.com > Subject: RE: [Full-Disclosure] Senior M$ member says stop > using passwords completely! > > > I was under the understand that passwords of over 14 > characters were stored with a more secure hash, therefore 14 > characters passwords were harder to crack, due to the more > secure hash. Windows will create two different hashes for > passwords shorting than 14 characters, I do believe. > > Just use a non-printable character in your password and > cracking is useless...if they crack it, they can't read what > they cracked. ;) > > > -----Original Message----- > > From: full-disclosure-admin@...ts.netsys.com > > [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Pavel > > Kankovsky > > Sent: Sunday, October 17, 2004 2:21 PM > > To: full-disclosure@...ts.netsys.com > > Subject: Re: [Full-Disclosure] Senior M$ member says stop using > > passwords completely! > > > > On Sat, 16 Oct 2004, Frank Knobbe wrote: > > > > > It's a nice recommendation of MS to make (to use long passphrases > > > instead of passwords). But I don't consider 14 chars a > "passphrase". > > > Perhaps they should enable more/all password components to > > handle much > > > longer passwords/phrases. > > > > A passphrase consisting of 7 words and 12 bits of entropy > per a word > > is as guessable as a password with 14 characters and 6 bits > of entropy > > per a character. You get 84 bits of total entropy in both cases. > > > > The only advantage of passphrases is that lusers might find long > > random sequences of words easier to remember than long random > > sequences of characters. > > > > (But wait: 12 bits of entropy per a word--this is equivalent to a > > uniform choice of one word out of 4096. 4 thousand? That > might exceed > > an average luser's vocabulary by an order of magnitude! ;>) > > > > --Pavel Kankovsky aka Peak [ Boycott > > Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. > > Open your source code and prepare for assimilation." > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.netsys.com/full-disclosure-charter.html > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > > ############################################################## > ############## > ######### > This Mail Was Scanned by 012.net Anti Virus Service - Powered > by TrendMicro Interscan > >
Powered by blists - more mailing lists