Penetration Testing mailing list archives
Re: Secure Password Policy?
From: Alexander Klimov <alserkli () inbox ru>
Date: Thu, 19 Jan 2006 19:35:57 +0200 (IST)
On Thu, 19 Jan 2006, Sulaiman, Wilmar wrote:
I would like to know where they derived the number (6 and 8 characters).
The method is as follows: you define how long an attacker can try (T), how many attempts he can make per time unit (A) and what is the probability of breakin (P). If the whole keyspace is S then A*T/S = P and so S = A*T/P Next step is to determine how many bits of entropy (B) are in each character and the length of the password can be calculated: L = log(S)/B -- Regards, ASK ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- RE: Secure Password Policy?, (continued)
- RE: Secure Password Policy? Petr . Kazil (Jan 23)
- Re: Secure Password Policy? List Spam (Jan 22)
- Re: Secure Password Policy? Neil (Jan 22)
- List of "clickable" on-line pen-test tools Petr . Kazil (Jan 23)
- Re: List of "clickable" on-line pen-test tools Ivan . (Jan 24)
- Re: List of "clickable" on-line pen-test tools Alvin Oga (Jan 25)
- Re: List of "clickable" on-line pen-test tools thomas springer (Jan 25)
- Message not available
- Re: List of "clickable" on-line pen-test tools FocusHacks (Jan 30)
- Re: List of "clickable" on-line pen-test tools thomas springer (Jan 24)
- Re: Secure Password Policy? Tim (Jan 21)
- Re: Secure Password Policy? Tim (Jan 21)
- "Ping scan" through Google Petr . Kazil (Jan 22)
- Re: "Ping scan" through Google -- Perl version for *NIX Peter Hille (Jan 22)
- Re: "Ping scan" through Google Robert Wesley McGrew (Jan 22)
- Re: "Ping scan" through Google pagvac (Jan 23)
- Re: Secure Password Policy? David M. Zendzian (Jan 22)
- Re: Secure Password Policy? Brian Anderson (Jan 22)