I couldn't picture having to tell my users to type in a 256 character password. Let's make it force 20 uppercase, 20 symbols, 20 high-bit characters, 20 numbers as well. Although it'll be hard to crack, it'll take three hours before they can log in once, and that's with 2 phone calls to the helpdesk to unlock their accounts after they entered their password wrong 3 times in a row. :-)
Use a secure-ID key fob with a PIN, along with your usual Userid/password combination. You'll have a pretty secure login at that point.

Exibar

----- Original Message -----
From: "joe" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, October 21, 2004 11:32 AM
Subject: RE: [Full-Disclosure] Senior M$ member says stop using passwords completely!

> Well I don't think anyone is saying that the issue is that 128 character
> passwords are being easily hacked so I am not quite sure I understand your
> point about 256 characters and why you mention it. People seem to dislike
> passwords greater than 14 characters let alone entering passwords of 150,
> 200, or 250 characters. To put it another way, if MS suddenly increased the
> buffer to allow for hashing of passwords 1024 characters in size would you
> push that MS was more secure based on that? I doubt it, I certainly
> wouldn't.
>
> BTW, I tried the link someone previously gave with the password hash I
> previously posted and it is well under 128 characters and the web site
> reported:
>
> Password: not found!
>
> joe
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Eric Paynter
> Sent: Monday, October 18, 2004 1:32 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Full-Disclosure] Senior M$ member says stop using passwords
> completely!
>
> On Sat, October 16, 2004 5:25 pm, Tim said:
> > The reason for my post was to point out that Mr. Hensing doesn't
> > appear to be a reliable source of information on the topic of
> > passwords and hash security.
>
> I think that much became apparent when Mr. Hensing took sarcastic shots at
> Linux security (e.g. "Attack easier targets like all those Linux boxes you
> installed because its so much more secure . . ."). Funny thing is, Linux
> supports up to 256 character passwords by default - twice as long as
> Windows.
>
> -Eric
>
> --
> arctic bears - email and dns services
> http://www.arcticbears.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
