What tactics are you allowed to use?

I made up separate accounts ahead of time, and announced two weeks
ahead of time that on Monday they'd have to use them, and stripped the
DA privileges on Friday evening before the Monday.

Worked like a champ - even the IT manager went along with it.

On Thu, Feb 10, 2011 at 13:55, David Lum <[email protected]> wrote:
> Problem is IBM’s blade centers that we have accept a MAXIMUM of 20
> characters, I actually had to shorten said password from 21 characters. Eh,
> at least it’s not my Domain Admin account…
>
>
>
> <My new mission at NWEA – get the other DA’s to quit being DA’s on their
> normal accounts…>
>
>
>
> Dave
>
>
>
> From: Michael B. Smith [mailto:[email protected]]
> Sent: Thursday, February 10, 2011 1:40 PM
> To: NT System Admin Issues
> Subject: RE: IPhone attack reveals passwords in six minutes
>
>
>
> Well, the next iteration of RTs will include 16 chars – so, it’s time to
> extend it. :)
>
>
>
> Regards,
>
>
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://TheEssentialExchange.com
>
>
>
> From: David Lum [mailto:[email protected]]
> Sent: Thursday, February 10, 2011 4:38 PM
> To: NT System Admin Issues
> Subject: RE: IPhone attack reveals passwords in six minutes
>
>
>
> Funny, one of my current passwords is 16 characters…
>
>
>
> From: Michael B. Smith [mailto:[email protected]]
> Sent: Thursday, February 10, 2011 1:29 PM
> To: NT System Admin Issues
> Subject: RE: IPhone attack reveals passwords in six minutes
>
>
>
> That’s why I said “15 char or less”…
>
>
>
> Regards,
>
>
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://TheEssentialExchange.com
>
>
>
> From: Jonathan Link [mailto:[email protected]]
> Sent: Thursday, February 10, 2011 4:19 PM
> To: NT System Admin Issues
> Subject: Re: IPhone attack reveals passwords in six minutes
>
>
>
> Give me large enough Rainbow Tables, and a short enough password...
>
> On Thu, Feb 10, 2011 at 4:17 PM, Michael B. Smith <[email protected]>
> wrote:
>
> It isn’t impressive.
>
>
>
> I’ve got 250 GB of Rainbow Tables. I am surely not the only one.
>
>
>
> Regards,
>
>
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://TheEssentialExchange.com
>
>
>
> From: MMF [mailto:[email protected]]
> Sent: Thursday, February 10, 2011 4:15 PM
>
> To: NT System Admin Issues
>
> Subject: RE: IPhone attack reveals passwords in six minutes
>
>
>
> Sounds impressive. Mind telling us what software you are using?
>
>
>
> Murray
>
>
>
> ________________________________
>
> From: Michael B. Smith [mailto:[email protected]]
> Sent: Thursday, February 10, 2011 3:09 PM
>
> To: NT System Admin Issues
>
> Subject: RE: IPhone attack reveals passwords in six minutes
>
> Anything under 15 characters I can crack in under 5 minutes.
>
>
>
> Anything.
>
>
>
> Regards,
>
>
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://TheEssentialExchange.com
>
>
>
> From: MMF [mailto:[email protected]]
> Sent: Thursday, February 10, 2011 4:05 PM
>
> To: NT System Admin Issues
>
> Subject: RE: IPhone attack reveals passwords in six minutes
>
>
>
> How about a nursery rhyme but use the first letter of each word. Example:
> Hickory Dickory Dock The Mouse Ran Up The Clock would be: hddtmrutc.
>
>
>
> Murray
>
>
>
> ________________________________
>
> From: William Robbins [mailto:[email protected]]
> Sent: Thursday, February 10, 2011 12:52 PM
> To: NT System Admin Issues
> Subject: Re: IPhone attack reveals passwords in six minutes
>
> +1  I use song lyrics also.
>
>  - WJR
>
> On Thu, Feb 10, 2011 at 12:49, David Lum <[email protected]> wrote:
>
> One method is to take acronyms from your favorite hobby and string them
> together. Example: NetBEUI CPU is 45GHz 14Kbps
>
> NetBEUICPUis45GHz14Kbps. 25 characters, upper and lower case and I’m going
> to guess random enough. Surely acronyms are different when it comes to a
> dictionary attack? Need to change it? Flip the order of the acronyms.
>
>
>
> Personally I use a passphrase with correct punctuation – it gives upper
> case, lower case, and special character. These become frustrating when you
> go to a website that gives you something dumb like 12-character maximum, in
> which case use the hobby acronyms.
>
>
>
> My $0.02
>
> Dave
>
>
>
> From: Don Ely [mailto:[email protected]]
> Sent: Thursday, February 10, 2011 10:29 AM
>
> To: NT System Admin Issues
>
> Subject: Re: IPhone attack reveals passwords in six minutes
>
>
>
> I must not be human...  Most of my high security accounts have passwords of
> 20+ random characters and I have them memorized...
>
> On Thu, Feb 10, 2011 at 10:25 AM, Ben Scott <[email protected]> wrote:
>
> On Thu, Feb 10, 2011 at 12:31 PM, Matthew W. Ross
> <[email protected]> wrote:
>>>   If data is encrypted with strong crypto, and that crypto's secret
>>> key is not stored on the device, then that data can generally be
>>> considered safe even if the device is stolen.
>>>
>>>   In English, that means if the security depends on a strong password
>>> the user must enter (and not on some magic the manufacturer has
>>> "hidden" inside the device), the password-protected data is safe.
>>
>> ... Isn't that only partially true? I mean, if the encrypted data is
>> stolen,
>> isn't it reasonable to believe it can be cracked given enough time/cpu
>> power?
>
>  You're basically correct.
>
>  Given good algorithms and implementations, the strength of your
> security depends on the strength of the key.  If the password is an
> English word, then yah, it's going to be straightforward to crack in
> minutes or hours with a dictionary attack.  If it's a combination of
> words and other characters, it's harder, but still within reason for
> days, weeks, or months.  Once you go to truly random characters, it's
> dependent on the length.  But even 10 characters might be crackable in
> several years given commercially available technology.  (I'm not up on
> current predictions, so numbers may be off for times.)
>
>  A truly random 256-bit symmetric key could theoretically be cracked
> given enough time, but time to brute-force (given known technology) is
> generally given in billions of years.  It has been theorized that new
> technology (especially "quantum computing") could drastically cut into
> that, but it remains to be seen if such things are actually possible
> or not.
>
>  But 256 bits is a lot.  Printable ASCII is roughly 96 characters.
> That fits in roughly six and a half bits.  So your passcode would need
> to be around 40 characters long, and *completely* random (no words or
> patterns), for it to be in that neighborhood.  It's not realistic to
> expect humans to do that.
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin
> ________________________________
>
> No virus found in this message.
> Checked by AVG - www.avg.com
> Version: 10.0.1204 / Virus Database: 1435/3434 - Release Date: 02/10/11

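Ben Scott's arithmetic in the quoted message above (roughly 96 printable characters, about six and a half bits each, around 40 characters to reach 256 bits), worked through as an added example that is not part of the original thread. The guess rates are assumed parameters, and the per-password figure is an upper bound that only holds when every character is chosen at random.

```python
import math
import string

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def length_for_bits(alphabet_size, target_bits):
    """Smallest length n with alphabet_size**n >= 2**target_bits (exact integers)."""
    n, space, goal = 0, 1, 1 << target_bits
    while space < goal:
        space *= alphabet_size
        n += 1
    return n


def charset_size(password):
    """Size of the alphabet implied by the character classes actually used."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10)]
    size = sum(n for chars, n in classes if any(c in chars for c in password))
    if any(c not in string.ascii_letters + string.digits for c in password):
        size += 34  # the thread's rough 96 printable characters minus the 62 above
    return size


def upper_bound_bits(password):
    """Entropy ceiling: assumes each character was picked uniformly at random.
    Words, rhymes and acronyms have less entropy than this figure suggests."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))


def average_years(alphabet_size, length, guesses_per_second):
    """Expected brute-force time: half the keyspace at an assumed guess rate."""
    return (alphabet_size ** length / 2) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    print(f"bits per character, 96 symbols: {math.log2(96):.2f}")
    print(f"random characters for 256 bits: {length_for_bits(96, 256)}")
    print(f"'hddtmrutc' ceiling: {upper_bound_bits('hddtmrutc'):.1f} bits")
    for rate in (1e9, 1e12):  # assumed guess rates, not measurements
        years = average_years(96, 10, rate)
        print(f"10 random characters at {rate:.0e} guesses/s: {years:,.1f} years")
```
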