Full Disclosure mailing list archives
Re: Senior M$ member says stop using passwords completely!
From: Frank Knobbe <frank () knobbe us>
Date: Sat, 16 Oct 2004 11:46:45 -0500
On Sat, 2004-10-16 at 09:46, Tim wrote:
Even if this was a new attack, a full rainbow table shouldn't be possible against a secure hash.
True if the hashes are salted. (with more than one byte please, otherwise they just use 256 DVDs :)
"Pass-phrase LENGTH, not complexity defeats these attacks." Not if your hashes are chunked like some (all?) of M$'s. Precomputed chunks with a good lookup table defeats longer passwords.
It's a nice recommendation of MS to make (to use long passphrases instead of passwords). But I don't consider 14 chars a "passphrase". Perhaps they should enable more/all password components to handle much longer passwords/phrases. Let me guess, that will all be fixed in Longshot. Cheers, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Senior M$ member says stop using passwords completely! RandallM (Oct 16)
- Re: Senior M$ member says stop using passwords completely! Tim (Oct 16)
- Re: Senior M$ member says stop using passwords completely! Micheal Espinola Jr (Oct 16)
- Re: Senior M$ member says stop using passwords completely! Tim (Oct 16)
- RE: Senior M$ member says stop using passwords completely! joe (Oct 18)
- Re: Senior M$ member says stop using passwords completely! Eric Paynter (Oct 18)
- RE: Senior M$ member says stop using passwords completely! joe (Oct 21)
- Websphere 3.5 Alerta Redsegura (Oct 21)
- Re: Senior M$ member says stop using passwords completely! Exibar (Oct 21)
- Re: Senior M$ member says stop using passwords completely! Micheal Espinola Jr (Oct 16)
- Re: Senior M$ member says stop using passwords completely! Tim (Oct 16)
- Re: Senior M$ member says stop using passwords completely! Frank Knobbe (Oct 16)
- Re: Senior M$ member says stop using passwords completely! Pavel Kankovsky (Oct 19)
- RE: Senior M$ member says stop using passwords completely! RandallM (Oct 16)
- Re: Senior M$ member says stop using passwords completely! Danny (Oct 20)
- Re: Senior M$ member says stop using passwords completely! Maarten (Oct 20)
- Re: Senior M$ member says stop using passwords completely! Georgi Guninski (Oct 21)
- Re: Senior M$ member says stop using passwords completely! Danny (Oct 21)