[SPAM:XXXXXXXX] Re: [unisog] [Fwd: Is the current password std flawed?]

Nils Ohlson nils at cchem.berkeley.edu
Fri Feb 25 17:22:06 GMT 2005


         Twice, your messages to unisog have been tagged as 'Spam' by UC 
Berkeley, apparently based on an 'offensive domain' contained within the 
message. I don't know if it's mesh.net, or sytes.net, but you might look 
into whether either one is a blacklisted domain.


At 06:30 PM 2/24/2005, you wrote:

X-Ucb-Spam: Gauge=XXXXXXXXII, Probability=82%, 
X-Ucb-Notice: This message has been processed by a spam tagging 
system.  See http://mailinfo.berkeley.edu/ for more information
>On Thursday 24 February 2005 06:55 pm, Russell Fulton wrote:
> > Hmmm.... fro  my manager.  What do you think?
> >
> > I'll post my ideas on this tomorrow.
> >
> > Russell
> >
> > -------- Forwarded Message --------
> > From: Stephen Taylor (ITSS) <stay091 at vxchange.vcr.auckland.ac.nz>
> > To: Russell Fulton <rful011 at vxchange.vcr.auckland.ac.nz>, Bojan Zdrnja
> > <b.zdrnja at auckland.ac.nz>
> > Subject: Is the current password std flawed?
> > Date: Fri, 25 Feb 2005 13:42:51 +1300
> > As part of my discussion with CS re NetAccount v 2 enhancements we
> > looked at the UoA Password Std.
> >
> > The following comments were made by CS.
> >
> > By asking that all passwords must have a numeric and a special character
> > we are making it easier for cracking tools because we have effectively
> > reduced the "pool" of possible password combinations; e.g. no need to
> > check for a password such as "gHsrYBoZ" as this would be rejected as not
> > valid.
> >
> > Similarly by not allowing all numerics such as "33892536".
> >
> > Thoughts?
> >
> > Steve
>Not true given the following...
>- any character position in a given password may contain a char, a 
>numeric, or
>a special character which increases the number of possibles for each
>position, and
>- the length of a given password is unknown, and
>- the number of letters and/or numbers in a particular password is unknown
>Therefore, for each character position in a given password, you will actually
>increase the number of  possible "characters" choices to be tested thereby
>increasing the pool of possible passwords and increasing the complexity of
>the crack.
>CS's statement would be correct if:
>- it is known that a particular character position in any particular password
>*must* contain *only* a numeric, or
>- it is known that a particular character position in any particular password
>*must* contain *only* a special character (that can be entered at the
>keyboard), or
>- both of the above
>Have CS check their statement with the Math Dept...
>Clinton E. Troutman
>Independent Computer Consultant for Home
>   and Home Office in Fort Worth, Texas
>unisog mailing list
>unisog at lists.sans.org

More information about the unisog mailing list