Re: Bank Of Montreal Online Security

["Alexander A. Kelner" <a.kelner () noc brsi ru>]

On Thu, 1 Nov 2012, Juan F. Campos - Computalleres.com wrote:

> Date: Thu, 01 Nov 2012 08:57:10 -0600
> From: Juan F. Campos - Computalleres.com <jfcampos () computalleres com>
> To: security-basics () securityfocus com
> Subject: Re: Bank Of Montreal Online Security
> Resent-Date: Thu,  1 Nov 2012 08:57:07 -0700 (PDT)
> Resent-From:
>     security-basics-return-58253-a.kelner=noc.brsi.ru () securityfocus com
>
> On 10/31/2012 02:49 PM, Alexander A. Kelner wrote:
> > On Wed, 31 Oct 2012, Dave Kleiman wrote:
> >
> > > Date: Wed, 31 Oct 2012 09:26:30 -0500
> > > From: Dave Kleiman <dave () davekleiman com>
> > > To: "security-basics () securityfocus com"
> > > <security-basics () securityfocus com>
> > > Subject: RE: Bank Of Montreal Online Security
> > > Resent-Date: Wed, 31 Oct 2012 09:07:10 -0700 (PDT)
> > > Resent-From:
> > >     security-basics-return-58248-a.kelner=noc.brsi.ru () securityfocus com
> > >
> > > Alexander,
> > >
> > >    >>> Which password length is more secure - that is a question.<<<
> > >
> > > If you used the above statement, just as you typed it, as your password
> > > (passphrase), would it not both much stronger than 6 characters and very
> > > easy to remember?
> >
> > Hi Dave!
> >
> > Yes, it's very easy to remember, but I think this method for password
> > setting is not as strong as it may appears :-)
> >
> > The phrase "Which password length is more secure - that is a question"
> > contains not 58 "random chars", but 11 only, because each word must be
> > considered as a single symbol in the vocabulary, say for brute force
> > attack.
>
> Yet it is possible to have a "single symbol" that is hard to
> guess/crack. You can associate a phrase that include random chars and is
> easy to remember.
>
> Please take a look over here (Sophos - Choosing a Strong Password)
> http://www.youtube.com/watch?v=VYzguTdOmmU

IMHO it's more easy to remember 8 random chars then
perform lots of manipulations every time when you
need to restore your password :-)

> ....
>
> > If you bring some order (the way for easy memorizing) into your password
> > you decrease it's strength.
> >
> > Well, and now try to type above phrase in invisible mode and don't make
> > mistake :-)
> >
> > Though, IMHO six chars passwords are too short. I like at least 8 :-)
>
> --
> Best regards,
>
> Juan F. Campos   |  PGP Key ID: 0xDB880578
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
> it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
> install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
> highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------


---
Alexander A. Kelner
Senior engineer
CT Network Operation Center
RosTelecom - Bryansk

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------