I tend to agree with what I think you're saying. But, the original question was 
whether adding an alt-char to your password would make you safer and/or your 
password harder to crack. I think the answer to this is "absolutely".

-----Original Message-----
From: Steve Kradel [mailto:skra...@zetetic.net] 
Sent: Saturday, September 10, 2011 3:00 PM
To: NT System Admin Issues
Subject: Re: password questions

IMO all this business about rainbow tables for finding hash value collisions 
is, or will soon be, highly obsolete.  A properly designed password system 
should use both (a) enough salt bits to render rainbow tables impractical, and 
(b) a computationally expensive, variable workload hashing algorithm.  If your 
password-based security system doesn't do this, or have some other safeguard 
like lockout windows, it is just straight-up weak.

Now, whether you are writing a program to try to break into an account through 
the front door (regular credential challenge) or back door (find a collision on 
a swiped hash)...  Are you going to iterate exhaustively through the entire 
Unicode BMP, or are you going to start with a list of the 1,000,000 most common 
passwords and various permutations based on what you know about the account 
owner's culture?
Bearing in mind there are thousands upon thousands of valid characters, and 
each additional character you decide to include in your brute force break-in 
attempt dramatically increases your time and cost... going for "total coverage" 
is almost certainly *not* going to be your strategy.

--Steve

On Sat, Sep 10, 2011 at 1:00 PM, Ben Scott <mailvor...@gmail.com> wrote:
> On Sat, Sep 10, 2011 at 9:06 AM, Michael B. Smith <mich...@smithcons.com> 
> wrote:
>> I can state with assurance that full tables for ASCII are available.
>
>  Technically speaking, ASCII is 7 bits, so that may not be what we're 
> talking about.
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
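
The design Steve Kradel's message describes (a per-password salt plus a hash whose cost can be raised over time), sketched in Python as an added example that is not code from anyone in the thread. PBKDF2-HMAC-SHA256, the record format and the function names are assumptions chosen for illustration; the thread names no specific algorithm.

```python
import hashlib
import hmac
import os

ALGO = "pbkdf2_sha256"  # label for this example's record format (assumption)
SALT_BYTES = 16         # 128 random salt bits per password


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    # UTF-8 encoding means non-ASCII ("alt") characters are hashed like any other.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def hash_password(password: str, iterations: int) -> str:
    """Return 'algo$iterations$salt_hex$digest_hex' using a fresh random salt."""
    salt = os.urandom(SALT_BYTES)
    return f"{ALGO}${iterations}${salt.hex()}${_derive(password, salt, iterations).hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the salt and work factor kept in the record itself."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        rounds = int(iterations)
    except ValueError:
        return False  # malformed record: reject rather than raise
    if algo != ALGO or rounds < 1:
        return False
    # Constant-time comparison avoids leaking how many digest bytes matched.
    return hmac.compare_digest(_derive(password, salt, rounds), expected)


def needs_rehash(stored: str, current_iterations: int) -> bool:
    """True when the record predates the current work-factor policy."""
    return int(stored.split("$")[1]) < current_iterations


def login(password: str, stored: str, current_iterations: int):
    """Verify; on success, upgrade old records. Returns (ok, record_to_store)."""
    if not verify_password(password, stored):
        return False, stored
    if needs_rehash(stored, current_iterations):
        stored = hash_password(password, current_iterations)
    return True, stored
```

Because the iteration count is stored in each record, the workload can be raised later and old records are upgraded the next time their owner logs in.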
