Well I don't think anyone is saying that the issue is that 128 character passwords are being easily hacked so I am not quite sure I understand your point about 256 characters and why you mention it. People seem to dislike passwords greater than 14 characters let alone entering passwords of 150 , 200 , or 250 characters. To put it another way, if MS suddenly increased the buffer to allow for hashing of passwords 1024 characters in size would you push that MS was more secure based on that? I doubt it, I certainly wouldn't.
BTW, I tried the link someone previously gave with the password hash I previously posted and it is well under 128 characters and the web site reported: Password: not found! joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Paynter Sent: Monday, October 18, 2004 1:32 PM To: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Senior M$ member says stop using passwords completely! On Sat, October 16, 2004 5:25 pm, Tim said: > The reason for my post was to point out that Mr. Hensing doesn't > appear to be a reliable source of information on the topic of > passwords and hash security. I think that much became apparent when Mr. Hensing took sarcastic shots at Linux security (e.g. "Attack easier targets like all those Linux boxes you installed because its so much more secure . . ."). Funny thing is, Linux supports up to 256 character passwords by default - twice as long as Windows. -Eric -- arctic bears - email and dns services http://www.arcticbears.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
