lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: toddtowles at brookshires.com (Todd Towles)
Subject: Senior M$ member says stop using passwords completely!

Changing it is a option, but that is true for any password cracking. But
of course changing the password makes your presence really known. 

> -----Original Message-----
> From: Aviv Raff [mailto:avivra@....net.il] 
> Sent: Wednesday, October 20, 2004 1:16 AM
> To: Todd Towles; 'Pavel Kankovsky'; full-disclosure@...ts.netsys.com
> Subject: RE: [Full-Disclosure] Senior M$ member says stop 
> using passwords completely!
> 
> If they crack it, they might be able to automatically change 
> the password to a readable one.
> 
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of 
> Todd Towles
> Sent: Tuesday, October 19, 2004 10:42 PM
> To: Pavel Kankovsky; full-disclosure@...ts.netsys.com
> Subject: RE: [Full-Disclosure] Senior M$ member says stop 
> using passwords completely!
> 
> 
> I was under the understand that passwords of over 14 
> characters were stored with a more secure hash, therefore 14 
> characters passwords were harder to crack, due to the more 
> secure hash. Windows will create two different hashes for 
> passwords shorting than 14 characters, I do believe.
> 
> Just use a non-printable character in your password and 
> cracking is useless...if they crack it, they can't read what 
> they cracked. ;) 
> 
> > -----Original Message-----
> > From: full-disclosure-admin@...ts.netsys.com
> > [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Pavel 
> > Kankovsky
> > Sent: Sunday, October 17, 2004 2:21 PM
> > To: full-disclosure@...ts.netsys.com
> > Subject: Re: [Full-Disclosure] Senior M$ member says stop using 
> > passwords completely!
> > 
> > On Sat, 16 Oct 2004, Frank Knobbe wrote:
> > 
> > > It's a nice recommendation of MS to make (to use long passphrases 
> > > instead of passwords). But I don't consider 14 chars a 
> "passphrase".
> > > Perhaps they should enable more/all password components to
> > handle much
> > > longer passwords/phrases.
> > 
> > A passphrase consisting of 7 words and 12 bits of entropy 
> per a word 
> > is as guessable as a password with 14 characters and 6 bits 
> of entropy 
> > per a character. You get 84 bits of total entropy in both cases.
> > 
> > The only advantage of passphrases is that lusers might find long 
> > random sequences of words easier to remember than long random 
> > sequences of characters.
> > 
> > (But wait: 12 bits of entropy per a word--this is equivalent to a 
> > uniform choice of one word out of 4096. 4 thousand? That 
> might exceed 
> > an average luser's vocabulary by an order of magnitude! ;>)
> > 
> > --Pavel Kankovsky aka Peak  [ Boycott 
> > Microsoft--http://www.vcnet.com/bms ] "Resistance is futile.
> > Open your source code and prepare for assimilation."
> > 
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> > 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 
> ##############################################################
> ##############
> #########
> This Mail Was Scanned by 012.net Anti Virus Service - Powered 
> by TrendMicro Interscan
> 
> 


Powered by blists - more mailing lists