Don, For Brute Force cracking our thief may need a lot of leisure time. I have a Password Protected Word document from 7 years ago that I forgot the password on. Occasionally I start up a brute force cracker to open this file as I'd like to have the contents back.
Over the last 5 years I've accumulated nearly six months of 'crack time' on some pretty fast desktops, and I'm not even half way there. Ron > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On > Behalf Of Don Leahy > Sent: Friday, 16 February 2007 8:59 AM > To: [email protected] > Subject: Re: Mixed Case Password on z/OS 1.7 and ACF 2 Version 8 > > It is pretty obvious that weak passwords greatly increase the likelihood > that a brute force attack will work. > > However, since most (all?) systems revoke userids after a very small > number > of unsuccessful password attempts, the issue of strong vs weak passwords > is > totally irrelevant to your end users, so why burden them with strict > password policies? Even a weak password will stand up to a brute force > attack if the userid is revoked after 3 failures. > > Protecting the password data base from theft is the security > administrator's > job, not the end user's. It doesn't matter how strong the safe or how > complex the combination, if the thief can tuck it under his arm and take > it > home with him to work on at his leisure. > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
