Re: Re: ADS Password Storage Protection
- From: eric.baechle@xxxxxxx
- Date: 26 Jul 2006 18:16:38 -0000
I think everyone is on the same page about the mathematical complexity of passwords either coming from length or from additional character ranges.
But how does one begin to crack a password? One would first need the password hash. Where are the password hashes stored? How are the accessed? Once you have the answer to those questions, then you may decide that a 4-character simple password is good enough. Because if an attacker can crack your password hash, they had or HAVE access to your password hash, which means they've got system rights to your Domain Controllers! What's the bigger problem?
Sincerely,
Eric B.
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
- Prev by Date: How to stop Admins from sniffing ?
- Next by Date: Re: Penetration tester skill set,
- Previous by thread: Re: RE: ADS Password Storage Protection
- Next by thread: Re: RE: ADS Password Storage Protection
- Index(es):
Relevant Pages
|
|
