4 10:07 AM
To: joe; [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Senior M$ member says stop using
passwords completely!
I couldn't picture having to tell my users to type in a 256 character
password. Let's make it force 20 uppercase, 20 symbols, 20 high-bit
character, 20 numbers
On Thu, 21 Oct 2004 23:52:18 +0300, Georgi Guninski
<[EMAIL PROTECTED]> wrote:
> due to Tiny-delicate windows implementation, current windows passwords don't
> seem long enough (a m$ guy confirmed it).
> i recommend windows passwords to be enlarged by 3 to 5 inches.
> 100% guaranteed! (if permitte
due to Tiny-delicate windows implementation, current windows passwords don't
seem long enough (a m$ guy confirmed it).
i recommend windows passwords to be enlarged by 3 to 5 inches.
100% guaranteed! (if permitted by the EULA)
--
georgi
On Wed, Oct 20, 2004 at 10:56:37AM -0400, Danny wrote:
> Ge
age -
From: "joe" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, October 21, 2004 11:32 AM
Subject: RE: [Full-Disclosure] Senior M$ member says stop using passwords
completely!
> Well I don't think anyone is saying that the issue is that 128 character
Re: [Full-Disclosure] Senior M$ member says stop using passwords
completely!
On Sat, October 16, 2004 5:25 pm, Tim said:
> The reason for my post was to point out that Mr. Hensing doesn't
> appear to be a reliable source of information on the topic of
> passwords and hash secu
On 16 Oct 2004, at 07:46, Tim wrote:
"Pre-computation attacks are a somewhat new and interesting phenomenon
we are starting to encounter 'in the wild' through chainsaw security
consultants. What they do is they pre-compute all of the possible LM
or
NT password hashes of a given length with a give
On Wednesday 20 October 2004 16:56, Danny wrote:
> On Wed, 20 Oct 2004 17:01:56 +0300, Georgi Guninski
>
> <[EMAIL PROTECTED]> wrote:
> > the poor m$ guy updated his blog.
> >
> > looks like he uses Excel(tm) for solving crypto problems.
>
> [...]
> Georgi, passwords vs. passphrases, which do you r
owles" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
10/19/2004 04:42 PM
To: "Pavel Kankovsky" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
cc:
Subject: RE: [Full-Disclosure] Senior M$ member says stop using passwords co
7;Pavel Kankovsky'; [EMAIL PROTECTED]
> Subject: RE: [Full-Disclosure] Senior M$ member says stop
> using passwords completely!
>
> If they crack it, they might be able to automatically change
> the password to a readable one.
>
> -Original Message-
> From: [E
On Wed, 20 Oct 2004 17:01:56 +0300, Georgi Guninski
<[EMAIL PROTECTED]> wrote:
> the poor m$ guy updated his blog.
>
> looks like he uses Excel(tm) for solving crypto problems.
[...]
Georgi, passwords vs. passphrases, which do you recommend?
...D
___
F
the poor m$ guy updated his blog.
looks like he uses Excel(tm) for solving crypto problems.
to quote him:
> (I can't even tell you how many petabytes it would be becuase Excel barfs
> when I try to make it tell me, it can't calculate a number that big ).
does bili teach m$ puppets math from the
>Subject: RE: [Full-Disclosure] Senior M$ member
says stop using passwords completely!
>Date: Tue, 19 Oct 2004 15:42:17 -0500
>From: "Todd Towles" <[EMAIL PROTECTED]>
>To: "Pavel Kankovsky" <[EMAIL PROTECTED]>,
> <[EMAIL PROTECTED]>
&g
Todd Towles wrote:
I was under the understand that passwords of over 14 characters were
stored with a more secure hash, therefore 14 characters passwords were
harder to crack, due to the more secure hash. Windows will create two
different hashes for passwords shorting than 14 characters, I do
belie
ehalf Of Pavel
> Kankovsky
> Sent: Sunday, October 17, 2004 2:21 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Full-Disclosure] Senior M$ member says stop using
> passwords completely!
>
> On Sat, 16 Oct 2004, Frank Knobbe wrote:
>
> > It's a nice recommendation of MS
On Tue, 2004-10-19 at 15:15, Banta, Will wrote:
> Wow! Three-year-olds are supposed to have a vocab of 500+ words
So, how long would it take a 3 year old to brute-force through that key
space? ;)
-Frank
signature.asc
Description: This is a digitally signed message part
2:21 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Full-Disclosure] Senior M$ member says stop
> using passwords completely!
>
> On Sat, 16 Oct 2004, Frank Knobbe wrote:
>
> > It's a nice recommendation of MS to make (to use long passphrases
> > instead of passwords). Bu
Wow! Three-year-olds are supposed to have a vocab of 500+ words
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Pavel
Kankovsky
Sent: Sunday, October 17, 2004 2:21 PM
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Senior M$ member says stop
On Sat, 16 Oct 2004, Frank Knobbe wrote:
> It's a nice recommendation of MS to make (to use long passphrases
> instead of passwords). But I don't consider 14 chars a "passphrase".
> Perhaps they should enable more/all password components to handle much
> longer passwords/phrases.
A passphrase con
On Sat, October 16, 2004 5:25 pm, Tim said:
> The reason for my post was to point out that Mr. Hensing doesn't appear
> to be a reliable source of information on the topic of passwords and
> hash security.
I think that much became apparent when Mr. Hensing took sarcastic shots at
Linux security (e
ED] On Behalf Of Tim
Sent: Saturday, October 16, 2004 8:25 PM
To: Micheal Espinola Jr
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Senior M$ member says stop using passwords
completely!
Hello Mr Espinola,
> That much is obvious. Read the the full article, do a little
> background resear
Hello Mr Espinola,
> That much is obvious. Read the the full article, do a little
> background research and get back to us when you reach a more sensible
> conclusion.
The reason for my post was to point out that Mr. Hensing doesn't appear
to be a reliable source of information on the topic of p
On Sat, 2004-10-16 at 09:46, Tim wrote:
> Even if this was a new attack, a full rainbow table shouldn't be
> possible against a secure hash.
True if the hashes are salted. (with more than one byte please,
otherwise they just use 256 DVDs :)
> "Pass-phrase LENGTH, not complexity defeats these att
lM'; [EMAIL PROTECTED]
<|>Subject: RE: [Full-Disclosure] Senior M$ member says stop
<|>using passwords completely!
<|>
<|>
<|>No...
<|>Senior Microsoft member says: use passPHRASES instead of passWORDS.
<|>
<|>You should read the article befor
On Sat, 2004-10-16 at 11:46, Frank Knobbe wrote:
> It's a nice recommendation of MS to make (to use long passphrases
> instead of passwords). But I don't consider 14 chars a "passphrase".
> Perhaps they should enable more/all password components to handle much
> longer passwords/phrases.
heh... I
That much is obvious. Read the the full article, do a little
background research and get back to us when you reach a more sensible
conclusion.
Reactionary conclusions based on obvious article 'skimming' make it
apparent you didn't do your homework before posting.
FWIW I have used "rainbow" table
> http://blogs.msdn.com/robert_hensing/archive/2004/07/28/199610.aspx
Jesus, that guy just doesn't get it, does he?
"Pre-computation attacks are a somewhat new and interesting phenomenon
we are starting to encounter 'in the wild' through chainsaw security
consultants. What they do is they pre
No...
Senior Microsoft member says: use passPHRASES instead of passWORDS.
You should read the article before you start flaming.
-- Aviv.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of RandallM
Sent: Saturday, October 16, 2004 3:14 PM
To: [EMAIL PROTEC
27 matches
Mail list logo