Firewall Wizards mailing list archives

Re: Radius access from provider to internal MS ISA Server


From: "Kyle R. Hofmann" <krh () lemniscate net>
Date: Fri, 05 Jul 2002 14:29:59 -0700

On Fri, 05 Jul 2002 11:53:54 -0400, Paul Robertson wrote:
your Radius box is giving the challenges then as long as they're "unique
in space and time" and not predictable then you're probably safe from
everything but a password guessing attack (modulo MD5 attacks). In other
words, use good passwords - but you probably didn't need to be told
that. 

IMO, strong passwords are dead- dictionaries are too good now, if you're 
using reusable passwords, you should assume compromised credentials at 
some level, especially if a third party gets to participate.

Dictionaries are only too good if you use them to find your passwords.
What's wrong with using a random device and a Perl script?:

$ uname
OpenBSD
$ perl -we 'open(RND, "/dev/arandom");read(RND,$x,15);@x=split //,$x;for(@x){next if(ord($_)>189);print chr((ord($_)%95)+32);}print "\n";'
O6G2c}S#@|TS &
$

Try finding O6G2c}S#@|TS in a dictionary.  And if you can't remember it,
write it down on a slip of paper and put it in your wallet.

-- 
Kyle R. Hofmann <krh () lemniscate net>
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
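
The technique in the message above (take bytes from the kernel random device, discard the values that would bias the modulo, map the rest onto printable ASCII) as an added example that is not part of the original post. It goes slightly further than the one-liner: the rejection threshold is computed from the alphabet size, the output always has the requested length, and the result stays within space through `~`. The names `random_password` and `entropy_bits`, and the use of `os.urandom` in place of `/dev/arandom`, are assumptions of this example.

```python
import math
import os

# 95 printable ASCII characters: space (0x20) through '~' (0x7e); DEL is excluded.
PRINTABLE = [chr(c) for c in range(32, 127)]


def random_password(length=14, alphabet=PRINTABLE, rand=os.urandom):
    """Return `length` symbols drawn uniformly from `alphabet`.

    `rand(k)` must return k random bytes; os.urandom reads the kernel CSPRNG.
    """
    n = len(alphabet)
    if not 1 < n <= 256:
        raise ValueError("alphabet must have between 2 and 256 symbols")
    # Largest multiple of n that fits in one byte. For n = 95 this is 190:
    # bytes 0..189 cover every residue exactly twice, so b % n is uniform.
    limit = 256 - (256 % n)
    out = []
    while len(out) < length:
        for b in rand(length - len(out)):
            if b < limit:  # bytes >= limit would over-represent low residues
                out.append(alphabet[b % n])
    return "".join(out)


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random string, in bits."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    pw = random_password()
    print(pw)
    print("about %.1f bits of entropy" % entropy_bits(len(pw), len(PRINTABLE)))
```

Looping until the requested length is reached means a run of rejected bytes cannot silently shorten the password.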