Full Disclosure mailing list archives
RE: Senior M$ member says stop using passwords completely!
From: "Todd Towles" <toddtowles () brookshires com>
Date: Wed, 20 Oct 2004 09:40:53 -0500
Changing it is a option, but that is true for any password cracking. But of course changing the password makes your presence really known.
-----Original Message----- From: Aviv Raff [mailto:avivra () 012 net il] Sent: Wednesday, October 20, 2004 1:16 AM To: Todd Towles; 'Pavel Kankovsky'; full-disclosure () lists netsys com Subject: RE: [Full-disclosure] Senior M$ member says stop using passwords completely! If they crack it, they might be able to automatically change the password to a readable one. -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Todd Towles Sent: Tuesday, October 19, 2004 10:42 PM To: Pavel Kankovsky; full-disclosure () lists netsys com Subject: RE: [Full-disclosure] Senior M$ member says stop using passwords completely! I was under the understand that passwords of over 14 characters were stored with a more secure hash, therefore 14 characters passwords were harder to crack, due to the more secure hash. Windows will create two different hashes for passwords shorting than 14 characters, I do believe. Just use a non-printable character in your password and cracking is useless...if they crack it, they can't read what they cracked. ;)-----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Pavel Kankovsky Sent: Sunday, October 17, 2004 2:21 PM To: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] Senior M$ member says stop using passwords completely! On Sat, 16 Oct 2004, Frank Knobbe wrote:It's a nice recommendation of MS to make (to use long passphrases instead of passwords). But I don't consider 14 chars a"passphrase".Perhaps they should enable more/all password components tohandle muchlonger passwords/phrases.A passphrase consisting of 7 words and 12 bits of entropyper a wordis as guessable as a password with 14 characters and 6 bitsof entropyper a character. You get 84 bits of total entropy in both cases. The only advantage of passphrases is that lusers might find long random sequences of words easier to remember than long random sequences of characters. (But wait: 12 bits of entropy per a word--this is equivalent to a uniform choice of one word out of 4096. 4 thousand? Thatmight exceedan average luser's vocabulary by an order of magnitude! ;>) --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open your source code and prepare for assimilation." _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ############################################################## ############## ######### This Mail Was Scanned by 012.net Anti Virus Service - Powered by TrendMicro Interscan
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Senior M$ member says stop using passwords completely!, (continued)
- Re: Senior M$ member says stop using passwords completely! Danny (Oct 20)
- Re: Senior M$ member says stop using passwords completely! Maarten (Oct 20)
- Re: Senior M$ member says stop using passwords completely! Georgi Guninski (Oct 21)
- Re: Senior M$ member says stop using passwords completely! Danny (Oct 21)
- Re: Senior M$ member says stop using passwords completely! Danny (Oct 20)
- RE: Senior M$ member says stop using passwords completely! Banta, Will (Oct 19)
- RE: Senior M$ member says stop using passwords completely! Frank Knobbe (Oct 19)
- RE: Senior M$ member says stop using passwords completely! Todd Towles (Oct 19)
- RE: Senior M$ member says stop using passwords completely! Aviv Raff (Oct 20)
- Re: Senior M$ member says stop using passwords completely! stephane nasdrovisky (Oct 20)
- RE: Senior M$ member says stop using passwords completely! James . McKinlay (Oct 20)
- RE: Senior M$ member says stop using passwords completely! Todd Towles (Oct 20)
- RE: Senior M$ member says stop using passwords completely! Thomas G O'Reilly (Oct 20)