http://www.lockdown.co.uk/?pg=combi#Classes
See the note on the bottom of the page if you want your mind blown. -Jeff Steward On Thu, May 24, 2012 at 4:29 PM, Crawford, Scott <[email protected]>wrote: > Any idea how to calculate that? Even assuming we just use a-z,A-Z, and > 0-9, we have 62 characters, so is a 15 char rainbow table 62 times the size > of a 14 char one? I’d assume there’s some relationship similar to that. > Even if it’s just double size for each character you add, the tables are > not going to be storable once you start getting to the size of good > passphrases.**** > > ** ** > > *From:* Michael B. Smith [mailto:[email protected]] > *Sent:* Thursday, May 24, 2012 3:03 PM > > *To:* NT System Admin Issues > *Subject:* RE: Passphrases vs. password**** > > ** ** > > No, sorry. I should’ve clarified that.**** > > ** ** > > But they are available for purchase (or you can generate them yourself – > that’s not as ridiculously expensive in compute-time as it was even 5 years > ago).**** > > ** ** > > *From:* Crawford, Scott [mailto:[email protected]] > *Sent:* Thursday, May 24, 2012 2:17 PM > *To:* NT System Admin Issues > *Subject:* RE: Passphrases vs. password**** > > ** ** > > For longer than 14 characters?**** > > ** ** > > *From:* Michael B. Smith [mailto:[email protected]] > *Sent:* Thursday, May 24, 2012 12:34 PM > *To:* NT System Admin Issues > *Subject:* RE: Passphrases vs. password**** > > ** ** > > I’ve got a rainbow table set for all keyboard characters (US-standard > keyboard). Sure, that leaves out a lot of ALT+<whatevers>, but getting a > user to use those is unlikely.**** > > ** ** > > *From:* Crawford, Scott [mailto:[email protected]] > *Sent:* Thursday, May 24, 2012 11:47 AM > *To:* NT System Admin Issues > *Subject:* RE: Passphrases vs. password**** > > ** ** > > I’ve not seen rainbow tables that work for passwords longer than 14 > characters, and even that excludes a large chunk of the ASCII set.**** > > ** ** > > *From:* Ziots, Edward [mailto:[email protected]] > *Sent:* Thursday, May 24, 2012 7:53 AM > *To:* NT System Admin Issues > *Subject:* RE: Passphrases vs. password**** > > ** ** > > Might be a little better but honestly, if I can dump your hashes its only > a matter of time before they are cracked using rainbow tables. **** > > ** ** > > Z**** > > ** ** > > Edward Ziots**** > > CISSP, Security +, Network +**** > > Security Engineer**** > > Lifespan Organization**** > > [email protected]**** > > ** ** > > *From:* David Lum [mailto:[email protected]] > *Sent:* Thursday, May 24, 2012 8:51 AM > *To:* NT System Admin Issues > *Subject:* RE: Passphrases vs. password**** > > ** ** > > I have no idea what you said. I’m guessing you’re saying a 26-character > passphrase is no better than a 12-character password?**** > > ** ** > > *From:* Ziots, Edward [mailto:[email protected] <[email protected]>] > *Sent:* Thursday, May 24, 2012 5:09 AM > *To:* NT System Admin Issues > *Subject:* RE: Passphrases vs. password**** > > ** ** > > Dump hashes of the passwords/passphrases, run then through a rainbow > table, game is still over. Either that or don’t even crack the hash, just > pass the hash and game is still over. Nice tool gsecdump gets a lot, and > there are other tools that will allow you to pass the hash. **** > > ** ** > > Z**** > > ** ** > > Edward Ziots**** > > CISSP, Security +, Network +**** > > Security Engineer**** > > Lifespan Organization**** > > [email protected]**** > > ** ** > > *From:* David Lum [mailto:[email protected]] > *Sent:* Wednesday, May 23, 2012 2:01 PM > *To:* NT System Admin Issues > *Subject:* Passphrases vs. password**** > > ** ** > > My passphrases are properly formatted sentences. We use IM here internally > a lot.**** > > ** ** > > On the plus side:**** > > If I inadvertently type “Long passwords are stupid!” into the wrong IM > window it’s not immediately obvious that the wrong window received the > input, vs. say “$eptember01”**** > > ** ** > > The downside:**** > > Some scanners scan-to-SMB will fail if the password is longer than 15 > characters. Dumb.**** > > *David Lum* > Systems Engineer // NWEATM > Office 503.548.5229 //* *Cell (voice/text) 503.267.9764**** > > ** ** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
