Basically, if you have enough time and computer power, any password can be 
cracked; it only gets easier with Rainbow Crack and rainbow tables, where 
all the hashes are precomputed and just need to match. (See the Cain and Abel 
tool.)

I would use passphrases with complexity in them and change them often enough, 
along with disabling storage of the LM hashes on systems. For systems that need 
extra protection, look into 2-factor authentication.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org



From: David Lum [mailto:david....@nwea.org]
Sent: Thursday, January 31, 2013 9:17 AM
To: NT System Admin Issues
Subject: Password complexity question

I have seen a few articles on password cracking and using unrelated words, so I 
have a question.

Given the "Making complex passwords" section here:
http://www.digitaltrends.com/mobile/crack-this-how-to-pick-strong-passwords-and-keep-them-that-way/

Could you use a fairly simple method to identify what the password is for and 
still have it tough to crack? I'm guessing no, but have to ask.

For a twitter account: Twitter1 vodka eagles!
Then for a Facebook account: Facebook2 vodka eagles!
Ebay: Ebay3 vodka eagles!

Then follow that same pattern for the various accounts. While it seems like bad 
practice to include the service name as part of the password I thought I'd ask 
your guys' opinion. It's at least better than using the same password for 
everything...or is it?
David Lum
Sr. Systems Engineer // NWEA™
Office 503.548.5229 // Cell (voice/text) 503.267.9764
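
An added illustration of the pattern in the question above (not part of either message): a small Python audit that flags accounts whose passwords collapse to one template once the service name and counter are removed. The function names and the fourth vault entry are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample vault: the three passwords from the question plus one
# unrelated, made-up entry for contrast.
SAMPLE_VAULT = {
    "Twitter": "Twitter1 vodka eagles!",
    "Facebook": "Facebook2 vodka eagles!",
    "Ebay": "Ebay3 vodka eagles!",
    "Bank": "plum-Harbor-quilt-91",
}

def template_of(service, password):
    """Collapse a password to its pattern: service name -> {svc}, digit runs -> {n}."""
    collapsed = re.sub(re.escape(service), "{svc}", password, flags=re.IGNORECASE)
    return re.sub(r"\d+", "{n}", collapsed)

def shared_templates(vault):
    """Return {template: [services]} for every template used by 2+ accounts."""
    groups = defaultdict(list)
    for service, password in vault.items():
        groups[template_of(service, password)].append(service)
    return {t: sorted(s) for t, s in groups.items() if len(s) > 1}

def embeds_service_name(vault):
    """List services whose password contains the service's own name."""
    return sorted(s for s, p in vault.items() if s.lower() in p.lower())

if __name__ == "__main__":
    for template, services in shared_templates(SAMPLE_VAULT).items():
        print(f"{len(services)} accounts share {template!r}: {', '.join(services)}")
    print("service name embedded:", embeds_service_name(SAMPLE_VAULT))
```

A group of two or more means those accounts differ only in the service name and counter, so they are not independent secrets.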

