Security Basics mailing list archives
RE: Re: Re: RE: ADS Password Storage Protection
From: "dave kleiman" <dave () davekleiman com>
Date: Tue, 18 Jul 2006 13:16:53 -0400
Winshel, That would be because after 14 characters there is no LM hash store of the password on a windows system. Some excellent resources for discussions on good password polices and ideas: http://www.securityfocus.com/archive/88/312263 5-Minute Security Advisor - Choosing a Good Password Policy: http://www.microsoft.com/technet/archive/community/columns/security/5min/5mi n-302.mspx Frequently Asked Questions About Passwords: http://www.microsoft.com/technet/community/columns/secmgmt/sm1005.mspx The Great Debates: Pass Phrases vs. Passwords: http://www.microsoft.com/technet/community/columns/secmgmt/sm1004.mspx http://www.microsoft.com/technet/community/columns/secmgmt/sm1104.mspx http://www.microsoft.com/technet/community/columns/secmgmt/sm1204.mspx And: http://www.syngress.com/catalog/?pid=3420 http://www.castlecops.com/a5842-Passwords_Staying_Safe.html Dave -----Original Message----- From: winshel () camden rutgers edu [mailto:winshel () camden rutgers edu] Sent: Monday, July 17, 2006 23:49 To: security-basics () securityfocus com Subject: Re: Re: Re: RE: ADS Password Storage Protection Thanks for the comment. I'm still unclear - if I'm not mischaraterizing the situation - why there seems to be a lot of support for the idea that a 15 character windows passphrase can be a real phrase and be very secure. Do you think there is - or will be in the near future - a passphrase attack? Is there such a thing as a "strong passphrase?" --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Re: ADS Password Storage Protection, (continued)
- Re: ADS Password Storage Protection Jeffrey F. Bloss (Jul 21)
- RE: ADS Password Storage Protection Roger A. Grimes (Jul 24)
- Re: ADS Password Storage Protection Eoin Miller (Jul 18)
- RE: ADS Password Storage Protection Depp, Dennis M. (Jul 19)
- RE: ADS Password Storage Protection Roger A. Grimes (Jul 21)
- Re: Re: RE: ADS Password Storage Protection Gregory Rubin (Jul 18)
- RE: Re: RE: ADS Password Storage Protection Pranav Lal (Jul 19)
- Re: Re: Re: RE: ADS Password Storage Protection winshel (Jul 18)
- Re: ADS Password Storage Protection ab (Jul 19)
- Re: ADS Password Storage Protection Gregory Rubin (Jul 21)
- RE: Re: Re: RE: ADS Password Storage Protection dave kleiman (Jul 19)
- RE: Re: Re: RE: ADS Password Storage Protection Harold Winshel (Jul 21)
- Re: ADS Password Storage Protection ab (Jul 19)
- Re: ADS Password Storage Protection Eoin Miller (Jul 19)
- RE: ADS Password Storage Protection Roger A. Grimes (Jul 19)
- RE: ADS Password Storage Protection Roger A. Grimes (Jul 21)
- RE: ADS Password Storage Protection Robertson, Seth (JSC-IM) (Jul 21)
- Re: RE: ADS Password Storage Protection eric . baechle (Jul 21)
- Re: Re: ADS Password Storage Protection eric . baechle (Jul 27)
- Re: RE: ADS Password Storage Protection e . m . baechle (Jul 28)
- RE: RE: ADS Password Storage Protection Roger A. Grimes (Jul 31)