Re: How secure is a password and how many characters does it allow?

From: Matthew Hunt (mph@astro.caltech.edu)
Date: 05/17/02

Next message: Geir Råness: "Re: How secure is a password and how many characters does it allow?"
Previous message: Nick Slager: "Re: IPSEC interoperability with Win2K client?"
In reply to: Jesper Wallin: "Re: How secure is a password and how many characters does it allow?"
Next in thread: Paul Herman: "Re: How secure is a password and how many characters does it allow?"
Reply: Paul Herman: "Re: How secure is a password and how many characters does it allow?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 16 May 2002 15:58:57 -0700
From: Matthew Hunt <mph@astro.caltech.edu>
To: Jesper Wallin <z3l3zt@phucking.kicks-ass.org>

On Fri, May 17, 2002 at 12:22:40AM +0200, Jesper Wallin wrote:

> How will that effect my security? Isn't it more secure to use 128 characters
> instead of 8? Sounds like, if the security was the same the blowfish would
> be default or something similar.. What do You recommend?

DES is the traditional algorithm, and is probably the default for
interoperability with old software and NIS. I've used MD5 for years with
no trouble for the longer password support. If you don't run NIS, then
I don't think there's any reason to stick with DES.

-- 
Matthew Hunt <mph@astro.caltech.edu> * Inertia is a property
http://www.pobox.com/~mph/           * of matter.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Next message: Geir Råness: "Re: How secure is a password and how many characters does it allow?"
Previous message: Nick Slager: "Re: IPSEC interoperability with Win2K client?"
In reply to: Jesper Wallin: "Re: How secure is a password and how many characters does it allow?"
Next in thread: Paul Herman: "Re: How secure is a password and how many characters does it allow?"
Reply: Paul Herman: "Re: How secure is a password and how many characters does it allow?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: How safe am I really?
... Have you disabled "Automatic Firewall Rule ... Creation" (wherever that is actually located in NIS 2003)? ... some others may only appear in the Security Alerts log.. ... when you PERMIT your web browser to have Internet ...
(alt.computer.security)
Risks Digest 26.27
... Gawker tech boss admits site security was crap ... RISKS of reusing ID numbers ... WikiLeaks, Secrets, and Lies - and a new book! ... Why You May Want to Avoid Non-ASCII Characters in Your Passwords ...
(comp.risks)
[REVS] CRLF Injection
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... two commonly used non-printing ASCII characters. ... additional fake log entry. ... E-mail headers, news headers and HTTP headers all have the structure "Key: ...
(Securiteam)
[Full-disclosure] Re: What A Click! [Internet Explorer]
... > tell your windows to open .HTA files in notepad. ... > (since there are more ways to cover windows with malicious lookalikes). ... >> Using custom Microsoft Agent characters it is possible to cover any kind ... including security or download dialogs. ...
(Full-Disclosure)
Re: Linksys home network problems
... That refers to a password of only 8 characters. ... But that compromises your security. ... What of the guest is using his laptop given by his employer "Intel"? ... Use a hotspot-type router with different security zones, ...
(alt.internet.wireless)