Would someone please show me a threat model with the following characteristics?
1. Cryptanalytic attacks are plausible. 2. Within the context of 1 above, how this policy could solve more problems than it causes. Thanks in advance :) Cheers, David. On Tue, Oct 11, 2011 at 05:02:16AM +0800, Harisfazillah Jamel wrote: > Read it online > > http://goo.gl/HZZCd > http://green-osstools.blogspot.com/2011/10/please-change-your-password-for-new.html > You are require to have a new password thats contain the following :- > Two upper case lettersTwo lower case lettersTwo numbersTwo special > characters (examples: @#$%^&*()_+|~-=\`{}[]:";'<>/) > Password must contain with minimum of 8 charactersPassword must be > changed on at least every 6 months > Your password is easy to be remembered but it is hard to guess. > You want it to be complex enough that it can’t be guessed, yet > meaningful enough that you can actually remember it. Use non-words but > associate them with a word. Imagine your pet’s name is Buddy, you live > on State Street, you’re 15, and you like to stargaze at night. A good > password for you would be BudStat15** - A Guide to Facebook Security > References :- > OWASP.my Discussion Group In Facebookhttps://www.facebook.com/groups/owaspmy/ > Facebook Security Page and download E-book in PDF format A Guide to > Facebook Security.https://www.facebook.com/security > Password Policyhttp://en.wikipedia.org/wiki/Password_policy > SANS Institute Password > Policyhttp://www.sans.org/security-resources/policies/Password_Policy.pdf > _______________________________________________ > OWASP-Malaysia mailing list > [email protected] > https://lists.owasp.org/mailman/listinfo/owasp-malaysia > > OWASP Malaysia Wiki > http://www.owasp.my > > OWASP Malaysia Facebook > http://www.facebook.com/OWASP.Malaysia > > OWASP Malaysia Twitter #owaspmy > http://www.twitter.com/owaspmy -- David Fetter <[email protected]> http://fetter.org/ Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter Skype: davidfetter XMPP: [email protected] iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics Remember to vote! Consider donating to Postgres: http://www.postgresql.org/about/donate _______________________________________________ OWASP-Malaysia mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-malaysia OWASP Malaysia Wiki http://www.owasp.my OWASP Malaysia Facebook http://www.facebook.com/OWASP.Malaysia OWASP Malaysia Twitter #owaspmy http://www.twitter.com/owaspmy
