[Dshield] Password Strength
cdupuis at cccure.org
Wed Oct 20 16:14:53 GMT 2004
You can also save yourself some money, and grab them for free from some of
the sites that offer THEIR OWN copy for free. See:
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Gary Warner
Sent: Tuesday, October 19, 2004 3:29 PM
To: General DShield Discussion List
Cc: Packet Ninjas
Subject: Re: [Dshield] Password Strength
Here's a Rainbow Tables password cracking page:
In Demo 3, the author cracks passwords on an NT box using his largest
set of rainbow tables: tables which are 25GB in size, and would take
approximately 7 months to generate on a "normal" computer. (The
rainbow tables are available from the author for $120.)
This table uses the charset:
(A-Z, a-z, 0-9, 14 symbols, and space)
In the demo, the following passwords fell on a 2.8GHz Pentium in 3
minutes 17 seconds:
Anybody got a user community with passwords harder than that?
So, to say "passwords should be changed frequently enough that they
cannot be cracked during the password change interval" is just no longer
feasible, UNLESS you go to extended length passwords or some entirely
different authentication solution.
DShield and the Internet Storm Center are sponsored by the SANS Institute.
To learn more about current SANS training, see http://www.sans.org .