Nope, no misunderstanding.
l0pht takes about 2 or 3 days to crack alphanumeric
passwords that are hashed.
It could take a month of Sundays to hack special
characters. I always use at least one special
character in my passwords.
And it is just a matter of time before someone
programs a brute force hash cracker for router
access. The hash algorithm, as I understand it,
it very similar to what Microsoft uses, and
l0pht cracks.
Mixed case characters are sometimes called a
skyline font, because they resemble a city's
skyline. Skyline passwords are easily cracked,
so I don't really see the point to them, unless
a hacker is using "social engineering" to discover
passwords.
Social engineering is basically eavesdropping by
maintaining a physical presence when someone is
typing in a password. Maybe hang out with a
cup of coffee, chat a little, and wait for the
opportunity to observe a user typing in a password.
Ray M.
CCNA, MCSE
-----Original Message-----
From: Stanfield Hilman B (Brad) CONT NSSG
[mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 04, 2001 8:43 AM
To: 'Ray Mosely'; studygroup
Subject: RE: Electrical and General knowledge
Ray,
I think there is a misunderstanding. What he said was non alphanumeric
(something other that letters and numbers).
What I think he means is characters such as !@#$%^&*(), and others.
Alphabetic characters, numbers, and especially mixed case are very much
recommended for security, BUT, I can understand the problems associated with
a user not remembering that he had the 3rd letter of his cat's name
capitalized.
My $ 0.02
Brad
************************************************************************
Brad Stanfield CCNA
Network/Integration Engineer
[EMAIL PROTECTED]
Government Micro Resources
Network Operations Control Center
Norfolk Naval Shipyard
Bldg 33 NAVSEA NCOE
757-393-9526
1-800-626-6622
-----Original Message-----
From: Ray Mosely [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 04, 2001 9:14 AM
To: studygroup
Subject: RE: Electrical and General knowledge
Sorry, if I understand your comments on passwords,
I must disagree. Username passwords should contain
non-alphabetic characters. This doesn't effect Cisco,
because so far no one seems to have created the right
software to hack the secret password hash.
However, the Cisco secret password hash is similar to
Microsoft's, and l0pht has long ago created a brute
force hack. I ran the l0pht crack on my userlist 2
months ago.
The only passwords that were NOT cracked were mine and
my student worker's. Both had non-alphabetic characters.
Ray Mosely
CCNA, MCSE
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Priscilla Oppenheimer
Sent: Wednesday, January 03, 2001 5:37 PM
To: Tony van Ree; studygroup
Subject: Re: Electrical and General knowledge
At 10:01 AM 1/4/01, Tony van Ree wrote:
>A couple of thoughts based on the PVC fault thread but looking at a
>different angle.
>
>Should we as aspiring "communications experts" understand:
>1 Fundamental electrical and magnetic propogation theory.
>2 Basic cabling technology, design and termination.
Yes. Cisco Networking Academy requires almost a whole semester on
electricity, cabling, building wiring, etc. Now, I think that's overkill,
but at least some study in these areas is a good idea if you want to be an
efficient troubleshooter.
Priscilla
>Well lets consider the number of faults that can be put into this
>category. It used to be 75%+ faults were of a physical nature. I think
>the figure would still be quite high but I don't have recent figures.
>
>Most intermittent faults are due to connections and/or connectors. Ofter
>due to poor installation and/or plugs being inserted and removed regularly
>and/or incorrectly.
>
>The next most common cause of intermittent faults is magnetic (Noise)
>interferance. Usually due to poor cabling layouts and/or poor
>installation methods.
>
>The most common cause of permanent damage to to ports is due to incorrect
>installation of cables (NT1 to Ethernet ports is a good one that comes up
>a lot).
>
>In switching the most common problems are duplex mismatches. Usually due
>to a misunderstanding of what duplex setting do.
>
>These are just some considerations there are heaps more. Most are easily
>avoided but difficult to diagnose. An understanding of the fundamentals
>involved can avoid disaster.
>
>Just as a beat up on all. I work in an environment where we supply Telco
>type services and IP connectivity to thousands (this figure is an
>understatement). A part of my job is to troubleshoot client connections
>to our access servers. I can often go for a week or two handling about 10
>faults or more per day without finding a fault in the configuration of the
>access servers, connections to the access servers and/or the clients
>CPE. This does not leave much but I'll bet most still blame us. I don't
>know how often I will suggest change this setting in your server an all
>will be fine. Bink up it comes and so does the question "what did you do
>at your end to fix my server?"
>
>Incidently the next most common problem I come across is username/password
>errors particularly where people mix cases and/or use non alphanumeric
>characters in usernames. In my opinoin this shouls be avoided (In Cisco's
>also). The term username in the Cisco sense is really a hostname (PPP)
>and should follow the Unix Hostmane rules to avoid stange issues.
>
>Most faults a simple and can be avoided by careful planning.
>
>Just some thoughts and ramblings from Teunis
>
>Teunis
>Hobart, Tasmania
>Australia
>
>
>--
>www.tasmail.com
>
>
>_________________________________
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
________________________
Priscilla Oppenheimer
http://www.priscilla.com
_________________________________
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
_________________________________
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]