Firewall Wizards mailing list archives

Re: Passwords (was: Stanford break in)

From: Dana Nowell <DanaNowell () cornerstonesoftware com>
Date: Mon, 26 Apr 2004 09:57:07 -0400

At 04:44 PM 4/23/2004 -0400, Paul D. Robertson wrote:

On Fri, 23 Apr 2004, Dana Nowell wrote:

Bottom line: do NOT, repeat, do NOT put ANY confidence in 'salts' saving
your A**.  The best defense is to not be in anyone's dictionary in the
first place.  Pick a password carefully and change it regularly.


Filling in the dictionary isn't that hard, and adding to it to generate
the "empty space" isn't all that bad for smaller lengths...

<snip>


Bottom line: Reusable passwords still suck. :)


Yup.  But I thought the premise was 'gotta use' reusable passwords.  Given
the requirement, you do what you can (1- attempt to change stupid
requirement (out of scope), 2- attempt to live with stupid requirement, 3-
find new job (out of scope, we're not hiring:-))

I was attmepting to help with part 2.




-- 
Dana Nowell     Cornerstone Software Inc.
Voice: 603-595-7480 Fax: 603-882-7313
email: DanaNowell_at_CornerstoneSoftware.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Passwords (was: Stanford break in) Dana Nowell (Apr 23)
- Re: Passwords (was: Stanford break in) Paul D. Robertson (Apr 23)
  - Re: Passwords (was: Stanford break in) Dana Nowell (Apr 27)
- Re: Passwords (was: Stanford break in) Adam Shostack (Apr 23)