Re: Article / Document about passwords vs. passphrases

[Kenton Smith <listsks () yahoo ca>]

I'm pretty sure I've used passwords in Windows with spaces in them, can't confirm it 100% at this point though.
As for Linux passwords; my understanding is that you can use a password of any length, however depending on the distro 
most only take the first x characters for the hash. Therefore all other characters in the password have no effect on 
the strength of the password. This may have changed with some of the more recent distros but I'm not sure.

Kenton

----- Original Message ----
From: Florian Rommel <frommel () gmail com>
To: Pen-Testing <pen-test () securityfocus com>
Cc: security-basics <security-basics () securityfocus com>
Sent: Monday, October 30, 2006 3:38:44 AM
Subject: Article / Document about passwords vs. passphrases

Hi list(s) sorry for crossposting but I think this is "relevant" to  
both lists.

I wrote an article about secure(r) passwords and easily formed ones  
aimed at the "user" level which can be found here: http://blog. 
2blocksaway.com/2006/10/29/easy-passwords-that-are-secure/
I then proceeded to send this to some of my clients in pdf form and  
as weblinks and i got quite a few mails this morning regarding it,  
some of them good, some of them bad. And the bad ones i need some  
help with.

I was told that Windows vista will not let you use (SPACE) in your  
password , can someone confirm or deny this? also someone said that  
only the most recent version of linux allow you to have long  
passwords, according to my memory, this has worked already for a  
looong time (i remember i used a long password quite a few years back  
already) so any info on that would be good too. Any pointer as to how  
to improve this article would be excellent since quite a few of the  
people I know use my stuff as reference and I wouldnt like to be  
"that" wrong :)

Thanks already for any help, i appreciate it.

regards,

//F. Rommel
http://2blocksaway.com

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------







---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------