Security Basics mailing list archives

RE: Password creating Theories


From: "dave kleiman" <dave () isecureu com>
Date: Wed, 16 Nov 2005 14:39:09 -0500

Saqib,

I have been tasked with tech-editing the book (with Mark that is a fairly easy
job).

I feel one of the great benefits to this book is Mark has explained things
in a way the most novice of users can understand. Now there are some
chapters that are for the Admin type users where he goes into Rainbow tables
and such.

However, this is a book to help ease the Admin's job; you as an Admin could
give this book to your end users and they would begin to "see the light" of
what you are trying to accomplish in a password policy.

Additionally, it may help some of the super-techie Admins understand why the
end user was not grasping the concept.

An example: 1 of many cool methods Mark uses to show the effect of password
length is using the old bicycle combination locks, you know the old 3 digit
ones we all had or saw as kids, and how long it would take to crack, as
opposed to one with just 1 or 2 more digits.  All I can say is I spent about
3 hours out in the garage....

It is a fun and excellent book. (Note: I do not get a dime for any sales of
the book)


Dave






     -----Original Message-----
     From: Andrew Williams [mailto:Andrew () Syngress com]
     Sent: Tuesday, November 15, 2005 16:35
     To: Saqib Ali
     Cc: Jennifer Fountain; security-basics () securityfocus com
     Subject: RE: Password creating Theories

     When I first started discussing the book with the author
     (Mark Burnett), I thought a whole book on the topic seemed
     a bit much as well. But, the more I saw of Mark's
     manuscript, the more intrigued/interested I became in the idea.

     The book is relatively short, 200 pages total. So, we
     realized this couldn't be a door stop. The book is for
     both sys admins/infosec pros as well as users. One of the
     book's primary goals is to provide admins w/ strategies
     and policies they can convey to their users so that users
     will consistently create strong passwords that they can
     actually remember as well.

     It is also kind of a fun read with interesting facts,
     stats, etc.; like the 500 worst passwords of all time, etc.

     Best,
     A

     > -----Original Message-----
     > From: Saqib Ali [mailto:docbook.xml () gmail com]
     > Sent: Tuesday, November 15, 2005 4:18 PM
     > To: Andrew Williams
     > Cc: Jennifer Fountain; security-basics () securityfocus com
     > Subject: Re: Password creating Theories
     >
     > having a whole book dedicated to Password building seems an
     > overkill....
     >
     > who will be the target audience?-
     >
     > On 11/15/05, Andrew Williams <Andrew () syngress com> wrote:
     > > We're actually about to publish a book on ideas/strategies for
     > > building passwords and password policies. We have a sample chapter
     > > available on
     >
     > In Peace,
     > Saqib Ali
     > http://www.xml-dev.com/blog/
     > Consensus is good, but informed dictatorship is better.
     >




