Penetration Testing mailing list archives
Re: Secure Password Policy?
From: "Mike Dieroff" <michael () bluescreenit co uk>
Date: Thu, 19 Jan 2006 17:38:43 -0000
Hi there,As far as I remember, the NTLANMAN hash maxed at 8 and LM hashes at 13 characters... could be corrected...
I have not really heard of any 'secure' implementation with 6 character passwords - The minimum today would be:
1.) Password length: 8 characters2.) Full complexity: Upper and lower case, numerals, alphanumerics <---- Don't forget the spacebar here!!always a good one!
3.) Max age average of around 40 - 60 days dependant 4.) History of around 10 passwords Hope this helps, Mike ------------------------------------------------------------------------------Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Secure Password Policy? Sulaiman, Wilmar (Jan 19)
- Re: Secure Password Policy? Mike Dieroff (Jan 19)
- RE: Secure Password Policy? Lyal Collins (Jan 21)
- RE: Secure Password Policy? Petr . Kazil (Jan 23)
- Re: Secure Password Policy? List Spam (Jan 22)
- Re: Secure Password Policy? Neil (Jan 22)
- List of "clickable" on-line pen-test tools Petr . Kazil (Jan 23)
- Re: List of "clickable" on-line pen-test tools Ivan . (Jan 24)
- Re: List of "clickable" on-line pen-test tools Alvin Oga (Jan 25)
- Re: List of "clickable" on-line pen-test tools thomas springer (Jan 25)
- Message not available
- Re: List of "clickable" on-line pen-test tools FocusHacks (Jan 30)
- RE: Secure Password Policy? Lyal Collins (Jan 21)
- Re: Secure Password Policy? Mike Dieroff (Jan 19)
- Re: List of "clickable" on-line pen-test tools thomas springer (Jan 24)