>Ray,
>
>I think there is a misunderstanding. What he said was non alphanumeric
>(something other that letters and numbers).
>What I think he means is characters such as !@#$%^&*(), and others.
>Alphabetic characters, numbers, and especially mixed case are very much
>recommended for security, BUT, I can understand the problems associated with
>a user not remembering that he had the 3rd letter of his cat's name
>capitalized.
>
>My $ 0.02
>
>Brad
Hope it's not getting too far afield, but there are some tricks for
getting strong but memorable passwords.
The passphrase is good. Remember some natural-language phrase such as
"Ciscos that aren't fish aren't kosher"
and use the first two letters of each word, capitalizing the first:
CiThArFiArKo
or even only capitalize the letters that normally would be capitalized:
"John Chambers, router jockey"
JoCarojo
You can strengthen any of these, assuming the strings are varying
length, by splitting the passphrase into two and putting one or more
numeric digits at the center. Passwords with numbers at the beginning
or end are a bit easier to guess.
There are other tricks that could work with specific people. Without
getting specific, my personal passwords come from a background in
biochemistry, and tend to be formulas with deliberate errors in them.
The Department of Defense/NSA password management guide at
http://www.fas.org/irp/nsa/rainbow/std002.htm is quite well written
and gives insights into the relative strength of passwords.
>
>-----Original Message-----
>From: Ray Mosely [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, January 04, 2001 9:14 AM
>To: studygroup
>Subject: RE: Electrical and General knowledge
>
>
>Sorry, if I understand your comments on passwords,
>I must disagree. Username passwords should contain
>non-alphabetic characters. This doesn't effect Cisco,
>because so far no one seems to have created the right
>software to hack the secret password hash.
>
>However, the Cisco secret password hash is similar to
>Microsoft's, and l0pht has long ago created a brute
>force hack. I ran the l0pht crack on my userlist 2
>months ago.
>
>The only passwords that were NOT cracked were mine and
>my student worker's. Both had non-alphabetic characters.
>
>Ray Mosely
>CCNA, MCSE
>
>-----Original Message-----
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
