Re: Whitespace in passwords

From: R. DuFresne (dufresne@sysinfo.com)
Date: Sun Sep 18 2005 - 22:24:14 EDT


On Fri, 16 Sep 2005, Paul Robertson wrote:

> On 9/9/05, Peter Parker <peterparker@fastmail.fm> wrote:
>>
>> Most of the available crackers have an option to brute all possible
>> characters (including whitespaces). We want strong passwords because we
>> don't want them to be compromised (by any means).
>
> Strong passwords *normally* force users to write them down, and unless
> you've exposed a dictionary-attackable service like OWA, don't really
> help- since the big risk is local exploitation where those little
> yellow notes make all the difference.
>
>

We've found additionally, short expiry times can also make this reverting
to post-it passes also happen with greater frequency, as well as having
multiple passwd's for various systems...great case for OTP.

Thanks,

Ron DuFresne
- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         admin & senior security consultant: sysinfo.com
                         http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                 -Tom Robbins <Still Life With Woodpecker>


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:55 EDT