Full Disclosure mailing list archives

Re: Senior M$ member says stop using passwords completely!

From: Frank Knobbe <frank () knobbe us>
Date: Sat, 16 Oct 2004 11:46:45 -0500

On Sat, 2004-10-16 at 09:46, Tim wrote:

Even if this was a new attack, a full rainbow table shouldn't be
possible against a secure hash.


True if the hashes are salted. (with more than one byte please,
otherwise they just use 256 DVDs :)

"Pass-phrase LENGTH, not complexity defeats these attacks."

Not if your hashes are chunked like some (all?) of M$'s.  Precomputed
chunks with a good lookup table defeats longer passwords.


It's a nice recommendation of MS to make (to use long passphrases
instead of passwords). But I don't consider 14 chars a "passphrase".
Perhaps they should enable more/all password components to handle much
longer passwords/phrases.

Let me guess, that will all be fixed in Longshot.

Cheers,
Frank

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

Senior M$ member says stop using passwords completely! RandallM (Oct 16)
- Re: Senior M$ member says stop using passwords completely! Tim (Oct 16)
  - Re: Senior M$ member says stop using passwords completely! Micheal Espinola Jr (Oct 16)
    - Re: Senior M$ member says stop using passwords completely! Tim (Oct 16)
    - RE: Senior M$ member says stop using passwords completely! joe (Oct 18)
    - Re: Senior M$ member says stop using passwords completely! Eric Paynter (Oct 18)
    - RE: Senior M$ member says stop using passwords completely! joe (Oct 21)
    - Websphere 3.5 Alerta Redsegura (Oct 21)
    - Re: Senior M$ member says stop using passwords completely! Exibar (Oct 21)
  - Re: Senior M$ member says stop using passwords completely! Frank Knobbe (Oct 16)
    - Re: Senior M$ member says stop using passwords completely! Frank Knobbe (Oct 16)
    - Re: Senior M$ member says stop using passwords completely! Pavel Kankovsky (Oct 19)
  - Re: Senior M$ member says stop using passwords completely! Andrew Farmer (Oct 20)
- RE: Senior M$ member says stop using passwords completely! Aviv Raff (Oct 16)
  - RE: Senior M$ member says stop using passwords completely! RandallM (Oct 16)
- Re: Senior M$ member says stop using passwords completely! Georgi Guninski (Oct 20)
  - Re: Senior M$ member says stop using passwords completely! Danny (Oct 20)
    - Re: Senior M$ member says stop using passwords completely! Maarten (Oct 20)
    - Re: Senior M$ member says stop using passwords completely! Georgi Guninski (Oct 21)
    - Re: Senior M$ member says stop using passwords completely! Danny (Oct 21)

(Thread continues...)