From: Paul Robertson (compuwar@gmail.com)
Date: Fri Sep 16 2005 - 13:47:28 EDT
On 9/9/05, Peter Parker <peterparker@fastmail.fm> wrote:
>
> Most of the available crackers have an option to brute all possible
> characters (including whitespaces). We want strong passwords because we
> don't want them to be compromised (by any means).
Strong passwords *normally* force users to write them down, and unless
you've exposed a dictionary-attackable service like OWA, don't really
help - since the big risk is local exploitation where those little
yellow notes make all the difference.
>
> Since _most_ of the precomputed tables available for rainbow crack are
> generally not ones generated with whitespaces, I started using it
> regularly in my passwords :D
1. Thanks for helping reduce the keyspace necessary to acquire your
passwords :-P
2. The newest Shmoo tables include the space character.
3. Disabling backwards-compatible hashes and the local storage of
hashes (if possible) will go a lot further than hoping that an
attacker's tables don't have the characters you're using or that the
math doesn't suddenly become easy.
4. OTPs which are well-generated in hardware are generally worth more
than any other scheme for solving the password problem.
Paul
-- www.compuwar.net
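
Point 3 of the message above, as an added example that is not part of the original post: a PowerShell check of the settings that control legacy hash storage. It assumes "backwards-compatible hashes" means Windows LM hashes and "local storage of hashes" means cached domain logons, which the message does not state; the function name and sample input are hypothetical.

```powershell
# Added example. Registry value names are Microsoft's; the function name
# Test-HashStoragePolicy and the sample input are hypothetical.
function Test-HashStoragePolicy {
    param([hashtable]$Settings)   # omit to read the local registry

    if (-not $PSBoundParameters.ContainsKey('Settings')) {
        $lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction SilentlyContinue
        $wl  = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -ErrorAction SilentlyContinue
        $Settings = @{
            NoLMHash             = $lsa.NoLMHash
            LmCompatibilityLevel = $lsa.LmCompatibilityLevel
            CachedLogonsCount    = $wl.CachedLogonsCount
        }
    }

    $findings = @()

    # 1 = do not store an LM hash at the next password change.
    if ($Settings.NoLMHash -ne 1) {
        $findings += 'NoLMHash is not 1: LM hashes may still be stored.'
    }

    # 0-2 still send LM or NTLMv1 responses; 3 and up send NTLMv2 only.
    $level = $Settings.LmCompatibilityLevel
    if ($null -eq $level) {
        $findings += 'LmCompatibilityLevel is not set: the OS default applies.'
    } elseif ([int]$level -lt 3) {
        $findings += "LmCompatibilityLevel is ${level}: LM or NTLMv1 responses are still sent."
    }

    # Number of domain logons cached locally (stored as a string; 10 when absent).
    $cached = if ($null -eq $Settings.CachedLogonsCount) { 10 } else { [int]$Settings.CachedLogonsCount }
    if ($cached -gt 0) {
        $findings += "CachedLogonsCount is ${cached}: domain credential verifiers are kept on disk."
    }

    $findings
}

# Constructed sample settings (not taken from a real host).
Test-HashStoragePolicy -Settings @{ NoLMHash = 0; LmCompatibilityLevel = 1; CachedLogonsCount = '10' }
```

Setting NoLMHash only stops new LM hashes from being written; existing ones remain until each account's password is next changed. A CachedLogonsCount of 0 blocks domain logon when no domain controller is reachable, which is the "if possible" in point 3.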
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:55 EDT