[Dshield] Re: Passwords

Sean Waddell swaddell at espgroup.net
Tue Mar 19 15:36:47 GMT 2002


Just wanted to throw my $.01 into the mix....this is a good read from
securityfocus.

http://online.securityfocus.com/infocus/1554

Sean Waddell
Network Engineer
ESP Group


Ed Truitt wrote:
> 
> That is a "feature" of the WIndows LANMAN hash, and doesn't apply to other
> password types.  MD5 password are relatively secure (I say "relatively" as
> with enough time and CPU power most any password can be brute-forced.)
> 
> This feature of the WIndows password actually makes a 7 character password
> stronger than an 8-character password - something many IT auditors find very
> hard to comprehend :^)
> 
> Cheers,
> Ed Truitt
> PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9
> http://www.etee2k.net
> http://www.bsatroop148.org
> 
> "Note to spammers:  my 'delete' key is connected to YOUR ISP.
>  Also, if you send me UCE, I reserve the right to post your spew
> on my Web site, with the appropriate color commentary, so that
> others may have a good laugh at your expense."
>




More information about the list mailing list