Re: Secure Password Policy?

From: DMORROW5@satx.rr.com
Date: Thu Jan 19 2006 - 12:52:11 EST


I would submit that 6-7 is the thought for a LAN-MAN hash, 8 or more
for non-LAN-MAN hash...

Dana

----- Original Message -----
From: "Sulaiman, Wilmar" <wsulaiman@siddharta.co.id>
Date: Thursday, January 19, 2006 4:11 am
Subject: Secure Password Policy?

> Dear all,
>
> I noticed that "best practice" for Minimum password length policy is
> either 6 or 8 characters. I guess SANS institute considered a weak
> password if it is less than 8 characters.
>
> I would like to know where they derived the number (6 and 8
> characters). Is there any documentation to back it up why the
> best practice for minimum password length is set to 6?
>
> Wilmar Sulaiman
> Risk Advisory Services
> KPMG Siddharta Siddharta & Widjaja
> 32nd Floor, GKBI Building
> 28, Jl. Jend. Sudirman
> Jakarta 10210, Indonesia
> J : +62 (0) 21 574 2333
> Fax : +62 (0) 21 574 1777

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:23 EDT