Re: Password Management

["Stephen John Smoogen" <smooge () gmail com>]

On 4/21/06, Christopher Carpenter <ccarpenter () dswa net> wrote:
> That's patently false.  The longer the password, the better it will hold
> up against brute force attacks.  Length and complexity also provide a
> measure of protection against those using rainbow tables.

If I remember correctly, the 7 letter issue comes from
networks/machines that have LMAN configured. The LMAN password is
broken into 7 character chunks. So if you have a 8 character password
you will send in the clear or store a 7 character password and a 1
character password. So in this case a longer password does not help
because you are only looking at 7 characters per cipherd bit.

So the answer is if you use LANMAN or equivalent passwords, you are
only getting protection of 7 characters per 'part'. Thats bad..
Friends do not let friends use LANMAN. The other options for passwords
also have their limitations that you need to research before you
implement the one that is best for your environment. (E.G. if you have
NT 3.51 and NT-4.0 boxes.. you are stuck with certain choices.. )

> Rainbow Tables (Wikipedia)
> http://en.wikipedia.org/wiki/Rainbow_table
>
> Password Recovery Speeds (Lockdown.co.uk)
> http://www.thecrypt.co.uk/lockdown/recovery_speeds.html


--
Stephen J Smoogen.
CSIRT/Linux System Administrator

-------------------------------------------------------------------------
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected.
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no
obligation. See why so many companies trust Spy Sweeper Enterprise to
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------