Penetration Testing mailing list archives

Re: Whitespace in passwords


From: "R. DuFresne" <dufresne () sysinfo com>
Date: Sun, 18 Sep 2005 22:24:14 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 16 Sep 2005, Paul Robertson wrote:

On 9/9/05, Peter Parker <peterparker () fastmail fm> wrote:

Most of the available crackers have an option to brute-force all possible
characters (including whitespace). We want strong passwords because we
don't want them to be compromised (by any means).

Strong passwords *normally* force users to write them down, and unless
you've exposed a dictionary-attackable service like OWA, don't really
help- since the big risk is local exploitation where those little
yellow notes make all the difference.



We've found, additionally, that short expiry times can also make this reverting to Post-it passes happen with greater frequency, as does having multiple passwds for various systems...great case for OTP.




Thanks,


Ron DuFresne
- -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                -Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDLiFSst+vzJSwZikRAqckAJ9xRTOR22uWjk7ygN9PC7etGH+jfwCfajfD
N1GTLUlallfY7v7UF+y6LFM=
=yKYt
-----END PGP SIGNATURE-----
