Security Basics mailing list archives
RE: Re: Re: RE: ADS Password Storage Protection
From: Harold Winshel <winshel () camden rutgers edu>
Date: Thu, 20 Jul 2006 06:12:44 -0400
Dave,I had actually seen most of those sites and did find them to contain excellent discussions.
However, unless I missed it, I didn't see anything touching on what I'll call "strong passphrases."
Thanks, Harold At 01:16 PM 7/18/2006, dave kleiman wrote:
Winshel, That would be because after 14 characters there is no LM hash store of the password on a windows system. Some excellent resources for discussions on good password polices and ideas: http://www.securityfocus.com/archive/88/312263 5-Minute Security Advisor - Choosing a Good Password Policy: http://www.microsoft.com/technet/archive/community/columns/security/5min/5mi n-302.mspx Frequently Asked Questions About Passwords: http://www.microsoft.com/technet/community/columns/secmgmt/sm1005.mspx The Great Debates: Pass Phrases vs. Passwords: http://www.microsoft.com/technet/community/columns/secmgmt/sm1004.mspx http://www.microsoft.com/technet/community/columns/secmgmt/sm1104.mspx http://www.microsoft.com/technet/community/columns/secmgmt/sm1204.mspx And: http://www.syngress.com/catalog/?pid=3420 http://www.castlecops.com/a5842-Passwords_Staying_Safe.html Dave -----Original Message----- From: winshel () camden rutgers edu [mailto:winshel () camden rutgers edu] Sent: Monday, July 17, 2006 23:49 To: security-basics () securityfocus com Subject: Re: Re: Re: RE: ADS Password Storage Protection Thanks for the comment. I'm still unclear - if I'm not mischaraterizing the situation - why there seems to be a lot of support for the idea that a 15 character windows passphrase can be a real phrase and be very secure. Do you think there is - or will be in the near future - a passphrase attack? Is there such a thing as a "strong passphrase?"
Harold Winshel Computing and Instructional Technologies Faculty of Arts & Sciences Rutgers University, Camden Campus 311 N. 5th Street, Room B36 Armitage Hall Camden NJ 08102 (856) 225-6669 (O) --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- RE: ADS Password Storage Protection, (continued)
- RE: ADS Password Storage Protection Roger A. Grimes (Jul 24)
- Re: ADS Password Storage Protection Eoin Miller (Jul 18)
- RE: ADS Password Storage Protection Depp, Dennis M. (Jul 19)
- RE: ADS Password Storage Protection Roger A. Grimes (Jul 21)
- Re: Re: RE: ADS Password Storage Protection Gregory Rubin (Jul 18)
- RE: Re: RE: ADS Password Storage Protection Pranav Lal (Jul 19)
- Re: Re: Re: RE: ADS Password Storage Protection winshel (Jul 18)
- Re: ADS Password Storage Protection ab (Jul 19)
- Re: ADS Password Storage Protection Gregory Rubin (Jul 21)
- RE: Re: Re: RE: ADS Password Storage Protection dave kleiman (Jul 19)
- RE: Re: Re: RE: ADS Password Storage Protection Harold Winshel (Jul 21)
- Re: ADS Password Storage Protection ab (Jul 19)
- Re: ADS Password Storage Protection Eoin Miller (Jul 19)
- RE: ADS Password Storage Protection Roger A. Grimes (Jul 19)
- RE: ADS Password Storage Protection Roger A. Grimes (Jul 21)
- RE: ADS Password Storage Protection Robertson, Seth (JSC-IM) (Jul 21)
- Re: RE: ADS Password Storage Protection eric . baechle (Jul 21)
- Re: Re: ADS Password Storage Protection eric . baechle (Jul 27)
- Re: RE: ADS Password Storage Protection e . m . baechle (Jul 28)
- RE: RE: ADS Password Storage Protection Roger A. Grimes (Jul 31)