Firewall Wizards mailing list archives
Re: "Proactive" Password Checking
From: Joseph S D Yao <jsdy () cospo osis gov>
Date: Wed, 10 Nov 1999 10:30:32 -0500 (EST)
> Just read this password checking thread, and a lot of you seem to say some things which seem a bit strange to me. A complex password does not have to be something like "$5dsdDe%AzW3q"; this is hard to crack and hard to remember (users forgetting or writing it down). Now consider the password "maryhadalittlelamb": hard to crack, easy to remember, not a problem for dictionary crackers. Just tell users to put a few words _together_ for security, like their favorite song lyric or something. I felt obligated to tell you all this, because it felt like no person in the thread was aware or voiced this.
>
> "Kurt Buff" <kurtbuff () lightmail com> 11/05/99 07:35PM >>>

If it is known that this is your password technique, I am sure a lot of passwords will be easily cracked in short order. >;-> There are a finite number of truly popular songs. Just listen to what a target hums or listens to, to narrow the search even further.

Some systems have a fixed, short password size, and can't change it, since there is a lot of code that assumes that standard password setup. It may even be embedded in IEEE and FIPS standards. ;-) In those cases, it is a good idea to have pronounceable but "strange" passwords, with embedded punctuation characters and digits, and mixed case [assuming the system is intelligent enough to understand the difference between cases].

One site I know of got multiple language dictionaries and chooses words at random from all of them, inserting punctuation at odd places. The trick there is to find the words that aren't offensive in any other language ... a yet unsolved problem. ;-)

--
Joe Yao jsdy () cospo osis gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.
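
The two points in the reply above (phrase passwords come from a finite set of well-known lyrics, and some systems keep only a fixed number of characters) can both be checked at password-change time. The following is an added example, not part of the original message: the phrase list is a constructed sample, and `significant_chars` is a hypothetical parameter standing in for a system's fixed password size.

```python
import re

# Constructed sample corpus; a real checker would load a much larger phrase list.
KNOWN_PHRASES = [
    "Mary had a little lamb, its fleece was white as snow",
    "Twinkle, twinkle, little star, how I wonder what you are",
]

def squash(text):
    """Lowercase and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def phrase_runs(phrases, min_words=2):
    """Every contiguous run of at least min_words words, joined without spaces."""
    runs = set()
    for phrase in phrases:
        words = [w for w in (squash(w) for w in phrase.split()) if w]
        for i in range(len(words)):
            for j in range(i + min_words, len(words) + 1):
                runs.add("".join(words[i:j]))
    return runs

RUNS = phrase_runs(KNOWN_PHRASES)

def check_password(candidate, runs=RUNS, significant_chars=None):
    """Return a rejection reason, or None if the candidate passes this check.

    significant_chars (hypothetical parameter) models a system that only
    uses the first N characters of whatever the user types.
    """
    effective = candidate if significant_chars is None else candidate[:significant_chars]
    key = squash(effective)
    if not key:
        return "empty after normalization"
    # Case changes and inserted punctuation do not hide a known phrase.
    if key in runs:
        return "matches a run of words from a known phrase"
    # On a truncating system, what is left may be the start of a known phrase.
    if significant_chars is not None and len(candidate) >= significant_chars:
        if any(run.startswith(key) for run in runs):
            return "truncated form is the start of a known phrase"
    return None
```

Passing this check says only that the candidate is not built from the loaded phrases; it is one filter alongside the dictionary and length checks a proactive checker already applies.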