Firewall Wizards mailing list archives
RE: strong passwords (was Radius/MS ISA stuff)
From: "Behm, Jeffrey L." <BehmJL () bvsg com>
Date: Tue, 9 Jul 2002 07:06:13 -0500
From: George W. Capehart [mailto:capegeo () opengroup org]
Sent: Monday, July 08, 2002 9:28 PM

Daniel Djundjek wrote:

Think of it this way. Most PIN Numbers for banks to take money out of an electronic teller is 4 Digits, and I can't remember the last time I was forced to change this PIN code...

Daniel,

There is a *very* *important* distinction between a password and PIN that is used *in conjunction with* an ATM card.
<snip>
look for suspicious activity. So, even though, on the surface, a PIN may look like a very weak password, it's not. It is one factor of a dual-factor authentication mechanism that is only one component of a multi-component security/risk management/fraud management system. Contrast this with a password-only authentication mechanism that protects, say, NT, Unix, SQL Server or Oracle. I can start a dictionary attack against the password file and then go out to dinner, a movie, drinks, come back home, go to bed, sleep well all night, get up the next morning, go to work . . . while crack is working. I get an email when it's through . . . You get the picture.
I don't disagree overall, but you glossed over "how" one acquires the passwd file. If one already has access to the passwd file, then one has already completed the hard part.