Re: FAQ: How can I generate good strong passwords?

From: Rico (rico_001_at_hotmail.com)
Date: 10/14/05


Date: Fri, 14 Oct 2005 20:55:16 GMT

In article <OOI3f.139536$qY1.67805@bgtnsc04-news.ops.worldnet.att.net>, John Navas <spamfilter0@navasgroup.com> wrote:
>[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]
>
>In <dinjmc$gdk$2@nntp.itservices.ubc.ca> on 14 Oct 2005 06:37:00 GMT, Unruh
><unruh-spam@physics.ubc.ca> wrote:
>
>>rico_001@hotmail.com (Rico) writes:
>>
>>>Well ultimately I suspect any password can be cracked given enough CPU
>>>power and time. With that in mind, any password will be a weak point in
>>>security. Seems I recall seeing an article on /. some months back about the
>>>FBI being able to crack passwords in minutes to a few hours.
>>
>>Yes, they found mind reading equipment in area 15 and are using that to get
>>the passwords.
>>Makes as much sense as what you are saying.
>>The password is far from the weak point in security if a modicum of care is
>>taken. There are far, far easier ways of getting the information in almost
>>all cases than breaking the password.
>
>Yep, the most common issues being lack of physical security and human error.
>

I don't necessarily consider it a 'user' error if on a network for example
the admin requires 20 character passwords with digits etc. No one (well
very few) can remember such so they get written down and sticky noted to
the monitor. How smart is that password policy then? Of course on a
wireless net it is only a one-time thing, but passwords in general are a
vulnerability: to be easy enough to remember renders them easy to attack;
the ones hard to attack get written down...

fundamentalism, fundamentally wrong.


