Penetration Testing mailing list archives

Re: Secure Password Policy?


From: "Mike Dieroff" <michael () bluescreenit co uk>
Date: Thu, 19 Jan 2006 17:38:43 -0000

Hi there,

As far as I remember, the NTLANMAN hash maxed at 8 and LM hashes at 13 characters... could be corrected...

I have not really heard of any 'secure' implementation with 6 character passwords - The minimum today would be:

1.) Password length: 8 characters
2.) Full complexity: Upper and lower case, numerals, alphanumerics <---- Don't forget the spacebar here!! Always a good one!
3.) Max age average of around 40 - 60 days dependent
4.) History of around 10 passwords


Hope this helps,

Mike
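
Added example, not part of the original message: a Python check of a new password against the four policy items listed above. The function names, the reading of item 2 as four character classes (with the space counting as non-alphanumeric), the 60-day upper bound for item 3, and storing history as salted PBKDF2 hashes are assumptions made for illustration.

```python
import hashlib, hmac, os
from datetime import datetime, timedelta

MIN_LENGTH = 8           # item 1
MAX_AGE_DAYS = 60        # item 3 (assumption: upper end of the 40-60 day range)
HISTORY_DEPTH = 10       # item 4
PBKDF2_ROUNDS = 100_000  # assumption: history is kept as salted hashes

def hash_password(password, salt=None):
    """Return (salt, digest) so the history never holds plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

def complexity_gaps(password):
    """Names of the required character classes that are missing (item 2)."""
    classes = {
        "upper": any(c.isupper() for c in password),
        "lower": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        # a space is non-alphanumeric, so it satisfies this class
        "other": any(not c.isalnum() for c in password),
    }
    return [name for name, present in classes.items() if not present]

def in_history(password, history):
    """True if password matches one of the last HISTORY_DEPTH entries."""
    for salt, digest in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            return True
    return False

def check_new_password(password, history):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    problems += ["missing class: " + gap for gap in complexity_gaps(password)]
    if in_history(password, history):
        problems.append("reused from last %d passwords" % HISTORY_DEPTH)
    return problems

def is_expired(last_changed, now):
    """True once the password is older than MAX_AGE_DAYS."""
    return now - last_changed > timedelta(days=MAX_AGE_DAYS)
```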




