Educause Security Discussion mailing list archives
Re: password vs pass-phrase
From: Eric Case <ecase () EMAIL ARIZONA EDU>
Date: Thu, 18 Mar 2010 10:03:26 -0700
-----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Joel Rosenblatt Sent: Thursday, March 18, 2010 6:21 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] password vs pass-phrase
<snip>
For my money, two factor authentication, in one form or another, is the future.
And if one of those factors is a very weak password? A chain is only . . .
On the complexity topic (right now) there are no rainbow tables available for any password/phrase longer than 15 characters - I would just apply the standard password rules to the words in a pass phrase and make sure that as least one of them passes.
[Eric Case] Rainbow table require the hash. If they got into your server and got the hashes, you have bigger problems. -Eric Eric Case, CISSP eric (at) ericcase (dot) com http://www.linkedin.com/in/ericcase
Current thread:
- Re: password vs pass-phrase Ken Connelly (Mar 18)
- <Possible follow-ups>
- Re: password vs pass-phrase Joel Rosenblatt (Mar 18)
- Re: password vs pass-phrase Eric Case (Mar 18)
- Re: password vs pass-phrase Russell Fulton (Mar 18)
- Re: password vs pass-phrase Eric Case (Mar 18)
- Re: password vs pass-phrase Joel Rosenblatt (Mar 18)
- Re: password vs pass-phrase Russell Fulton (Mar 19)
- Re: password vs pass-phrase Eric Case (Mar 19)
- Re: password vs pass-phrase Flynn, Gerald (Mar 19)
- Re: password vs pass-phrase Allison Dolan (Mar 23)
- Re: password vs pass-phrase Russell Fulton (Mar 27)