To infinity, and beyond! On Thu, May 24, 2012 at 11:17 AM, Crawford, Scott <[email protected]> wrote: > For longer than 14 characters? > > > > From: Michael B. Smith [mailto:[email protected]] > Sent: Thursday, May 24, 2012 12:34 PM > > > To: NT System Admin Issues > Subject: RE: Passphrases vs. password > > > > I’ve got a rainbow table set for all keyboard characters (US-standard > keyboard). Sure, that leaves out a lot of ALT+<whatevers>, but getting a > user to use those is unlikely. > > > > From: Crawford, Scott [mailto:[email protected]] > Sent: Thursday, May 24, 2012 11:47 AM > To: NT System Admin Issues > Subject: RE: Passphrases vs. password > > > > I’ve not seen rainbow tables that work for passwords longer than 14 > characters, and even that excludes a large chunk of the ASCII set. > > > > From: Ziots, Edward [mailto:[email protected]] > Sent: Thursday, May 24, 2012 7:53 AM > To: NT System Admin Issues > Subject: RE: Passphrases vs. password > > > > Might be a little better but honestly, if I can dump your hashes its only a > matter of time before they are cracked using rainbow tables. > > > > Z > > > > Edward Ziots > > CISSP, Security +, Network + > > Security Engineer > > Lifespan Organization > > [email protected] > > > > From: David Lum [mailto:[email protected]] > Sent: Thursday, May 24, 2012 8:51 AM > To: NT System Admin Issues > Subject: RE: Passphrases vs. password > > > > I have no idea what you said. I’m guessing you’re saying a 26-character > passphrase is no better than a 12-character password? > > > > From: Ziots, Edward [mailto:[email protected]] > Sent: Thursday, May 24, 2012 5:09 AM > To: NT System Admin Issues > Subject: RE: Passphrases vs. password > > > > Dump hashes of the passwords/passphrases, run then through a rainbow table, > game is still over. Either that or don’t even crack the hash, just pass the > hash and game is still over. Nice tool gsecdump gets a lot, and there are > other tools that will allow you to pass the hash. > > > > Z > > > > Edward Ziots > > CISSP, Security +, Network + > > Security Engineer > > Lifespan Organization > > [email protected] > > > > From: David Lum [mailto:[email protected]] > Sent: Wednesday, May 23, 2012 2:01 PM > To: NT System Admin Issues > Subject: Passphrases vs. password > > > > My passphrases are properly formatted sentences. We use IM here internally a > lot. > > > > On the plus side: > > If I inadvertently type “Long passwords are stupid!” into the wrong IM > window it’s not immediately obvious that the wrong window received the > input, vs. say “$eptember01” > > > > The downside: > > Some scanners scan-to-SMB will fail if the password is longer than 15 > characters. Dumb. > > David Lum > Systems Engineer // NWEATM > Office 503.548.5229 // Cell (voice/text) 503.267.9764 > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
