[Dshield] password security

Dr. Daniel Carras dr.astrom42 at gmail.com
Wed Feb 4 22:56:11 GMT 2009 

Brute Force dictionary crackers would have "10 Bottles of Beer", they 
wouldn't have eeqmc2, this would require a different algorithm. However, 
any increasing number account hacks look for password files on the users 
system.

White, Robert W wrote:
> I would recommend "pass phrases" of 8 or more characters using three of
> the following UPPER CASE, lower case, numbers, punctuation (spaces,
> coma, dash, etc.) i.e. 10 Bottles Beer 
>
> -----Original Message-----
> From: list-bounces at lists.sans.org [mailto:list-bounces at lists.sans.org]
> On Behalf Of Dr. Daniel Carras
> Sent: Wednesday, February 04, 2009 4:49 PM
> To: General DShield Discussion List
> Subject: Re: [Dshield] password security
>
> The safest option is not an online site, but a txt file (not obviously 
> named password, etc.). Further, the safest passwords are random 
> groupings of numbers and letter. For example; as secure 6 character; 
> eeqmc2 [e = mc^2]
>
> Matthew Dunlop wrote:
>   
>> I am very aware of how easy passwords are cracked and more complicated
>>     
>
>   
>> ones take longer.
>>
>> I also know that you never use the same password for your banking and 
>> e-mail and other sites.
>>
>> I have come up with some very long and hard to crack passwords and 
>> some not so long ones too.
>>
>> (I hate sites that limit you to 6 charters) As my list of sites that I
>>     
>
>   
>> have created accounts grows, I wonder
>>
>> How many different passwords should be keeping in my head. And when my
>>     
>
>   
>> head can't store them all.
>>
>> Is there a web site that is secure enough to store them at. I know 
>> there are programs that I can run to keep
>>
>> The data local, but there are some time I don't have a flash drive 
>> with me or I might forget to update it.
>>
>> What sites to you think are secure enough to use?
>>
>> **Matt Dunlop***
>> **IT Manager**
>>
>> *
>>
>>
>>     
> ------------------------------------------------------------------------
>   
>> _______________________________________________
>> Dshield mailing list
>> Dshield at lists.sans.org
>> To change your subscription options (or unsubscribe), see:
>>     
> https://lists.sans.org/mailman/listinfo/list
>   
>>   
>>     
>
> _______________________________________________
> Dshield mailing list
> Dshield at lists.sans.org
> To change your subscription options (or unsubscribe), see:
> https://lists.sans.org/mailman/listinfo/list
>
> _______________________________________________
> Dshield mailing list
> Dshield at lists.sans.org
> To change your subscription options (or unsubscribe), see: https://lists.sans.org/mailman/listinfo/list
>
>

More information about the Dshield mailing list