Educause Security Discussion mailing list archives

Re: 15 character minimum passwords

From: Gary Flynn <flynngn () JMU EDU>
Date: Fri, 9 Jul 2004 12:33:58 -0400

Gary Dobbins wrote:

e.g.

"______oftDontKnowCrypto"

Guess the first 7....


That is what I meant when I said "The only place
this presents a weakness is if one section is easier to crack
and it is possible to deduce the other section without having
to crack the second section."

Passwords should not have words and phrases in it.

If you pick a proper, random password, (meaning both
sections are random) then I believe the weakness
resulting from the LM method doesn't matter.

If the password is:

1234567 1234567
#FS1gws $Sv5

What does it matter?

--
Gary Flynn
Security Engineer
James Madison University

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread:

Re: 15 character minimum passwords, (continued)
- Re: 15 character minimum passwords Gary Flynn (Jul 09)
- Re: 15 character minimum passwords Gary Dobbins (Jul 09)
- Re: 15 character minimum passwords Lucas, Bryan (Jul 09)
- Re: 15 character minimum passwords Buz Dale (Jul 09)
- Re: 15 character minimum passwords Matthew Keller (Jul 09)
- Re: 15 character minimum passwords Melissa Guenther (Jul 09)
- Re: 15 character minimum passwords Leslie Maltz (Jul 09)
- Re: 15 character minimum passwords Jim Loter (Jul 09)
- Re: 15 character minimum passwords Bill Frazier (Jul 09)
- Re: 15 character minimum passwords Lucas, Bryan (Jul 09)
- Re: 15 character minimum passwords Gary Flynn (Jul 09)
- Re: 15 character minimum passwords Wayne Wilson (Jul 09)
- Re: 15 character minimum passwords Scott Bradner (Jul 09)
- Re: 15 character minimum passwords Lucas, Bryan (Jul 09)
- Re: 15 character minimum passwords Gary Flynn (Jul 09)