Re: Expire or not expire?

---

• From: "Mark Randall" <markyr[mmmspam]@thatgmailthing.com>
• Date: Tue, 18 Dec 2007 03:47:05 -0000

---

"Ben M. Schorr, MVP" <bens@xxxxxxxxxxxxxxxx> wrote in message news:3851CEA8-1D67-4FD7-8AD3-DB9B178C92F3@xxxxxxxxxxxxxxxx

We also set the lockout policy so that an intruder could only brute force attempt about 100 passwords in an hour. By the time an intruder successfully brute forced a 15+ character passphrase at the rate of 100 attempts per hour the user whose account they were attacking will have long since retired. Not to mention the fact that the admins would pretty quickly notice that many failed login attempts in the log.

Not to mention how many terabytes of bandwidth it would take to break something 8+ chars.

--
Mark Randall
http://www.awportals.com

.

---

• References:
  • Re: Expire or not expire?
    • From: Ben M. Schorr, MVP

• Prev by Date: Re: Expire or not expire?
• Next by Date: Recommendations for use of Policy CA in small PKI solutions
• Previous by thread: Re: Expire or not expire?
• Next by thread: Re: Expire or not expire?
• Index(es):
  • Date
  • Thread

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.security  > 2007-12