RE: Secure Password Policy?



I would recommend, the longer the better. The more complex the better.
It is possible that their 8 characters recommendation is connected to
the weaker still used LM Hash passwords in Microsoft machines.

http://en.wikipedia.org/wiki/LM_hash

Windows by default creates LM Hashes out of passwords, unless disabled
(or the password is over 15 digits).

A randomly generated password of 8 characters (this includes letter,
numbers and symbols) is pretty good. But bigger the better. Never used
dictionary words, and even backward dictionary words.

-Todd


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



Relevant Pages

  • RE: Whitespace in passwords - now alt+xxx
    ... Subject: Whitespace in passwords ... 60 possible characters and the password is 7 characters long. ... >> Check your website for vulnerabilities to SQL injection, ... >> scripting and other web attacks before hackers do! ...
    (Pen-Test)
  • RE: Rainbow Tables
    ... Subject: Rainbow Tables ... Fortunatly for this project we are only doing LM passwords, ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Up to 75% of cyber attacks are launched on shopping carts, ...
    (Pen-Test)
  • RE: Rainbow Tables
    ... Subject: Rainbow Tables ... Fortunatly for this project we are only doing LM passwords, ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Up to 75% of cyber attacks are ...
    (Pen-Test)
  • Re: Rainbow Tables
    ... wouldn't it be easier to create a diccionary with the passwords ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Hackers are concentrating their efforts on attacking applications on your ... Up to 75% of cyber attacks are launched on shopping carts, forms, ...
    (Pen-Test)
  • Re: Rainbow Tables
    ... I have now been tasked to take a list of passwords and try to generate a precomputed hash table out of those passwords...not sure if this can be done but of course I have to find a way..since I am "holding up a project". ... Reason for this...the idea is that if we take the current list of passwords create a pre-computed hash table the next time we audit we'd run LC5 and all but the passwords that changed and new accounts would get knocked out right away. ... Hackers are concentrating their efforts on attacking applications on your website. ... Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. ...
    (Pen-Test)