Brute-forced in a matter of seconds? What's your minimum password length?
We use 8 characters with passfilt. There are 95 "typeable" non-whitespace characters on US keyboards. 95^8 is approximately 10^15. Even if a cracker could try one billion passwords per second (which would require many machines running in parallel), you're looking at an average cracking time of about 5.5 days. Granted, LC3 does a lot of things to make its brute-force approach "smarter", like appending numbers and punctuation to dictionary words and trying those first. But no reasonably long password should even be cracked in seconds.

-----Original Message-----
From: James Liddil [mailto:[EMAIL PROTECTED]]
Posted At: Thursday, May 02, 2002 9:42 AM
Posted To: Exchange List
Conversation: Password Policy Enforcement
Subject: RE: Password Policy Enforcement

I am running w2k and have the policy set to require they meet the complexity requirements. But I find that I am still able to crack these passwords in a matter of seconds. To me this is almost one of those questions that crosses many boundaries. Particularly with w2k, AD and exchange sort of being one beast. I would prefer to be able to plug as many holes as possible. And yes I am taking care of obvious things as part of a complete security review.

Jim Liddil

> -----Original Message-----
> From: Hunter, Lori [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, May 02, 2002 10:02 AM
> To: Exchange Discussions
> Subject: RE: Password Policy Enforcement
>
>
> What is the goal? What are you already doing to enforce
> strong passwords? Are you running passfilt?
>
> This is really a question better suited for the WinNT list,
> by the way.
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
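
An added example, not part of the original thread: a password-audit check for the situation the messages describe, where a password satisfies a complexity policy yet is a dictionary word with digits and punctuation appended. The wordlist, the three-of-four-classes rule, the 8-character minimum and the guess-count model are assumptions made for illustration, not the behaviour of passfilt or LC3.

```python
import math
import string

# Constructed sample wordlist; a real audit would load a full dictionary.
WORDLIST = {"password", "exchange", "summer", "welcome"}
SUFFIX_CHARS = string.digits + string.punctuation  # 42 characters

def meets_complexity(pw, min_len=8):
    """Assumed policy: minimum length plus at least 3 of 4 character classes."""
    classes = [
        any(c in string.ascii_uppercase for c in pw),
        any(c in string.ascii_lowercase for c in pw),
        any(c in string.digits for c in pw),
        any(c in string.punctuation for c in pw),
    ]
    return len(pw) >= min_len and sum(classes) >= 3

def split_word_suffix(pw):
    """Return (word, suffix) if pw is a listed word, lower-case or
    capitalised, followed only by digits/punctuation; otherwise None."""
    stem = pw.rstrip(SUFFIX_CHARS)
    suffix = pw[len(stem):]
    if stem.lower() in WORDLIST and stem in (stem.lower(), stem.capitalize()):
        return stem.lower(), suffix
    return None

def effective_guesses(pw):
    """Upper bound on guesses: the word+suffix space if pw fits that
    pattern, else the full 95^n keyspace over typeable characters."""
    brute = 95 ** len(pw)
    hit = split_word_suffix(pw)
    if hit is None:
        return brute
    # words x 2 capitalisations x every suffix of the same length
    return min(brute, len(WORDLIST) * 2 * len(SUFFIX_CHARS) ** len(hit[1]))

def audit(pw):
    """Summarise policy compliance against realistic search cost."""
    return {
        "complex": meets_complexity(pw),
        "hybrid_guessable": split_word_suffix(pw) is not None,
        "log10_guesses": round(math.log10(effective_guesses(pw)), 1),
    }

if __name__ == "__main__":
    for candidate in ("Password1!", "Summer2002!", "k7#Vq!2m"):
        print(candidate, audit(candidate))
```

The guess count scales with the size of the wordlist, so with a full dictionary the absolute numbers rise, but the gap between the word-plus-suffix space and the 95^n space remains many orders of magnitude.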

