[Dshield] Password Strength

Jorge Fernandes jorgefernandes at cmvm.pt
Mon Oct 18 10:56:32 GMT 2004


Since we're talking about password length/strength I'd like your opinion
on Robert Hensing's article:

"Why you shouldn't be using passwords of any kind on your Windows
networks . . . ":
http://blogs.msdn.com/robert_hensing/archive/2004/07/28/199610.aspx 
With the corrections he made on his main page:
http://blogs.msdn.com/robert_hensing/


It concerns the use of pass-phrases instead of passwords and I would
really appreciate your thoughts on the subject.

Best Regards
Jorge Fernandes


-----Original Message-----
From: Chris Brenton [mailto:cbrenton at chrisbrenton.org] 
Sent: segunda-feira, 18 de Outubro de 2004 10:57
To: General DShield Discussion List
Subject: Re: [Dshield] Password Strength

<...>

Since you are talking UNIX, you may want to up the minimum length to
10-12 characters. Remember that adding another password character under
UNIX increases the cracking time exponentially, it does not decrease it
like under Windows.  

HTH,
Chris





More information about the list mailing list