ord
Wrenches of other values also have varying degrees of success.
-sc
> -Original Message-
> From: Ben Scott [mailto:mailvor...@gmail.com]
> Sent: Thursday, August 18, 2011 2:41 PM
> To: NT System Admin Issues
> Subject: Re: Almost, but not quite OT: Passwords
>
On Thu, Aug 18, 2011 at 2:16 PM, Hilderbrand, Doug
wrote:
> ... short and complex versus long password issue. I use long teens and
> twenties
> long character passwords at work with upper/lower case, numbers and
> punctuation.
Broadly speaking, increasing the size of a password is usually more
onics
>>
>> ****
>>
>> ** **
>>
>> *From:* Jonathan Link [mailto:jonathan.l...@gmail.com]
>> *Sent:* Thursday, August 18, 2011 10:48 AM
>>
>> *To:* NT System Admin Issues
>> *Subject:* Re: Almost, but not quite OT: Passwords
>&g
;>
>>> ** **
>>>
>>> http://twit.tv/sn****
>>>
>>> http://www.grc.com/securitynow.htm
>>>
>>> ** **
>>>
>>> Doug Hilderbrand | Systems Analyst, Information Technology | Crane
>>> Aerospace & Elect
t; Doug Hilderbrand | Systems Analyst, Information Technology | Crane
> Aerospace & Electronics
>
>
>
> ** **
>
> *From:* Jonathan Link [mailto:jonathan.l...@gmail.com]
> *Sent:* Thursday, August 18, 2011 10:48 AM
>
> *To:* NT System Admin Issues
> *Subject:* Re:
t;
> *To:* NT System Admin Issues
> *Subject:* Re: Almost, but not quite OT: Passwords
>
> ** **
>
> Steve Gibson? Seriously?
>
>
> ** **
>
> http://www.theregister.co.uk/2006/01/21/wmf_fud_from_grc/
>
> http://www.theregister.co.uk/2001/06/25/ste
1 10:48 AM
To: NT System Admin Issues
Subject: Re: Almost, but not quite OT: Passwords
I was waiting for someone else to step up. Glad to see I'm not
disappointed.
On Thu, Aug 18, 2011 at 1:39 PM, William Robbins
wrote:
Steve Gibson? Seriously?
http://www.theregister.co.u
C'mon... you know NanoProbes(!) are Teh Bomb!
-sc
From: William Robbins [mailto:dangerw...@gmail.com]
Sent: Thursday, August 18, 2011 1:39 PM
To: NT System Admin Issues
Subject: Re: Almost, but not quite OT: Passwords
Steve Gibson? Seriously?
http://www.theregister.co.uk/20
On Thu, Aug 18, 2011 at 1:05 PM, Hilderbrand, Doug
wrote:
> Steve Gibson is one of my heroes.
IMNSO: Steve Gibson is a blowhard who doesn't know half as much as
he thinks he does. SpinRite may or may not have been useful back when
hard drives were steam powered, but it does nothing to justify
; ** **
>>
>> Doug Hilderbrand | Systems Analyst, Information Technology | Crane
>> Aerospace & Electronics
>>
>> ** **
>>
>> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
>> *Sent:* Wednesday, August 10, 2011 2:06 PM
>>
>>
ystems Analyst, Information Technology | Crane
> Aerospace & Electronics
>
> ** **
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Wednesday, August 10, 2011 2:06 PM
>
> *To:* NT System Admin Issues
> *Subject:* Almost, but
rote SpinRite.
>
> ** **
>
> http://twit.tv/sn
>
> http://www.grc.com/securitynow.htm
>
> ** **
>
> Doug Hilderbrand | Systems Analyst, Information Technology | Crane
> Aerospace & Electronics
>
> ** **
>
> *From:* Andrew S. Baker [mailto:asbz...@
r [mailto:asbz...@gmail.com]
Sent: Wednesday, August 10, 2011 2:06 PM
To: NT System Admin Issues
Subject: Almost, but not quite OT: Passwords
http://xkcd.com/936/# <http://xkcd.com/936/>
Yet, very pertinent.
ASB
http://about.me/Andrew.S.Baker
Harnessing the Adv
With single sign on products, it will happen either way. Then you have a
service desk call and cost to deal with
Cheers
Ken
From: Ben Schorr [mailto:b...@rolandschorr.com]
Sent: Saturday, 13 August 2011 3:57 AM
To: NT System Admin Issues
Subject: RE: Almost, but not quite OT: Passwords
Nice
ut security"
Cheers
Ken
From: kz2...@googlemail.com [mailto:kz2...@googlemail.com]
Sent: Saturday, 13 August 2011 5:37 AM
To: NT System Admin Issues
Subject: Re: Almost, but not quite OT: Passwords
The stored password must be hashed (and preferably salted too) otherwise I
would change banks. When
On Fri, Aug 12, 2011 at 5:36 PM, wrote:
> But yes, they need to capture the hashes somehow, in that
> situation, either by sniffing or getting access to the database.
> But once that compromise is done, its usually only a matter of time.
Typically if one can sniff the password hashes, one has a
stem Admin Issues
Reply-To: "NT System Admin Issues"
Subject: RE: Almost, but not quite OT:
Passwords
But doesn't that require them to break into the authentication system?
When I go to log into my bank it doesn't present me a hashed password -
I give it what I think my pass
rr & Tower
www.rolandschorr.com
-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Friday, August 12, 2011 14:28
To: NT System Admin Issues
Subject: Re: Almost, but not quite OT: Passwords
On Fri, Aug 12, 2011 at 4:59 PM, Ben Schorr
wrote:
> Except Windows Locko
n [mailto:te...@treasurer.state.ks.us]
> > Sent: Friday, August 12, 2011 2:24 PM
> > To: NT System Admin Issues
> > Subject: RE: Almost, but not quite OT: Passwords
> >
> > Now you are all entering you real current Password right? Hmmm..how long
> > until you
On Fri, Aug 12, 2011 at 4:59 PM, Ben Schorr wrote:
> Except Windows Lockout tells you when you've been locked out, doesn't
> it?
Hmmm. I thought it only told you that if you entered the *correct*
password? It's been awhile since I've needed to deal with it; I may
be remembering wrong.
-- Ben
ailto:kz2...@googlemail.com]
> Sent: Friday, August 12, 2011 2:19 PM
> To: NT System Admin Issues
> Subject: Re: Almost, but not quite OT: Passwords
>
> A good brute force attack doesn't throw passwords out for authentication -
> just gets the hashed passwords and checks them
Sent: Friday, August 12, 2011 13:51
To: NT System Admin Issues
Subject: Re: Almost, but not quite OT: Passwords
On Fri, Aug 12, 2011 at 3:50 PM, G.Waleed Kavalec
wrote:
> A trick we used to use (many years ago) was that after 3 bad tries NO
> password would work, even the right one. No addi
PM
To: NT System Admin Issues
Subject: RE: Almost, but not quite OT: Passwords
Now you are all entering you real current Password right? Hmmm..how long
until you are hacked because the collected those Passwords?
-Original Message-
From: kz2...@googlemail.com [mailto:kz2...@googlemail.com
On Fri, Aug 12, 2011 at 3:50 PM, G.Waleed Kavalec wrote:
> A trick we used to use (many years ago) was that after 3 bad tries NO
> password would work, even the right one. No additional error message,
> it just let you keep on trying.
That's a common technique. It's available in Windows as "a
On Fri, Aug 12, 2011 at 3:00 PM, andy wrote:
> Are unix systems still only 8 characters.
I don't think that's been an issue in most/all Unix systems for a
few decades. :) Certainly the *nix systems they had at the
university back in 1995 had no such limitations. :)
-- Ben
~ Finally, powerf
ndschorr.com/>
From: G.Waleed Kavalec [mailto:kava...@gmail.com]
Sent: Friday, August 12, 2011 12:51
To: NT System Admin Issues
Subject: Re: Almost, but not quite OT: Passwords
A trick we used to use (many years ago) was that after 3 bad tries NO
password would work, even the right one.
> in on a site I don't know. ****
> ----------
>
> *From: *"Kennedy, Jim"
> *Date: *Thu, 11 Aug 2011 10:46:08 -0400
> *To: *NT System Admin Issues
> *ReplyTo: *"NT System Admin Issues" >
> *Subject: *RE: Almost, but not quite OT
aracter password can be hacked in less than a week.
>
>
> At 11:00 AM 8/11/2011, Kennedy, Jim wrote:
>
> Good point, I just got phished.
>
> *From:* Gary Slinger [ mailto:gary.slin...@gmail.com]
>
> *Sent:* Thursday, August 11, 2011 10:57 AM
> *To:* NT System Admin Iss
something?
Ben M. Schorr
Roland Schorr & Tower
www.rolandschorr.com | www.officeforlawyers.com | Twitter: @bschorr
From: kz2...@googlemail.com [mailto:kz2...@googlemail.com]
Sent: Friday, August 12, 2011 12:19
To: NT System Admin Issues
Subject: Re: Almost, but not quite OT: Passwo
: Almost, but not quite OT: Passwords
A good brute force attack doesn't throw passwords out for authentication - just
gets the hashed passwords and checks them against hashed values, AFAIK.
Therefore account lockouts are not triggered.
Sent from my POS BlackBerry wireless device, which may
ginal Message-
From: "Ben Schorr"
Date: Fri, 12 Aug 2011 09:15:39
To: NT System Admin Issues
Reply-To: "NT System Admin Issues"
Subject: RE: Almost, but not quite OT:
Passwords
Length is more important than complexity, no doubt. While it's good to
have mixed case an
At 11:00 AM 8/11/2011, Kennedy, Jim wrote:
Good point, I just got phished.
From: Gary Slinger [ mailto:gary.slin...@gmail.com
<mailto:gary.slin...@gmail.com> ]
Sent: Thursday, August 11, 2011 10:57 AM
To: NT System Admin Issues
Subject: Re: Almost, but not quite OT: Passwords
It w
, Kennedy, Jim wrote:
>Good point, I just got phished.
>
>From: Gary Slinger [mailto:gary.slin...@gmail.com]
>Sent: Thursday, August 11, 2011 10:57 AM
>To: NT System Admin Issues
>Subject: Re: Almost, but not quite OT: Passwords
>
>It wasn't one of my current 'real&#x
m
> To: ntsysadmin@lyris.sunbelt-software.com
> Subject: RE: Almost, but not quite OT: Passwords
> Date: Thu, 11 Aug 2011 13:43:08 +
>
>
>
>
>
>
>
>
>
>
>
> I changed my bed linens at the beginning of each semester whether they
needed changi
Which is a machine not connected to the production network for the
password I tested.
Booyah.
-sc
From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Thursday, August 11, 2011 10:28 AM
To: NT System Admin Issues
Subject: Re: Almost, but not quite OT: Passwords
Except now
rd security (with the overhead of management and
> repudiation), 2FA / 3FA is far more secure.
>
> ** **
>
> Cheers
>
> Ken
>
> ** **
>
> ** **
>
> *From:* Maglinger, Paul [mailto:pmaglin...@scvl.com]
> *Sent:* Thursday, 11 August 2011 11:0
gt;>
>> ** **
>>
>> -sc
>>
>> ** **
>>
>> *From:* Martin Blackstone [mailto:mblackst...@gmail.com]
>> *Sent:* Thursday, August 11, 2011 10:20 AM
>>
>> *To:* NT System Admin Issues
>> *Subject:* RE: Almost, but not quite OT: Passwords
&
Even websites! A bank I use limits the password to eight characters and you
cannot use special characters.
From: Jon Harris [mailto:jk.har...@gmail.com]
Sent: Wednesday, August 10, 2011 5:28 PM
To: NT System Admin Issues
Subject: Re: Almost, but not quite OT: Passwords
Unfortunately way
The quick brown fox jumps over the lazy d0g
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Wednesday, August 10, 2011 3:48 PM
To: NT System Admin Issues
Subject: Re: Almost, but not quite OT: Passwords
My last two password were in this form:
X xxx'x xx xx.
Maglinger, Paul [mailto:pmaglin...@scvl.com]
Sent: Thursday, 11 August 2011 11:03 PM
To: NT System Admin Issues
Subject: RE: Almost, but not quite OT: Passwords
Using XxXxXxXxXxXx on GRC:
Time Required to Exhaustively Search this Password's Space:
Online Attack Scenario:
(Assuming one thousand guess
and Citrix Technology Professional
http://www.CarlWebster.com<http://www.carlwebster.com/>
From: Sean Rector
[mailto:sean.rec...@vaopera.org]<mailto:[mailto:sean.rec...@vaopera.org]>
Sent: Thursday, August 11, 2011 9:33 AM
To: NT System Admin Issues
Subject: RE: Almost, but not qui
ssive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second)
1.52 months
From: Webster [mailto:webs...@carlwebster.com]
Sent: Thursday, August 11, 2011 9:38 AM
To: NT System Admin Issues
Subject: RE: Almost, but not quite OT: Passwords
Using the one from GRC:
Good point, I just got phished.
From: Gary Slinger [mailto:gary.slin...@gmail.com]
Sent: Thursday, August 11, 2011 10:57 AM
To: NT System Admin Issues
Subject: Re: Almost, but not quite OT: Passwords
It wasn't one of my current 'real' passwords. I'm not putting one of those i
"
Subject: RE: Almost, but not quite OT:
Passwords
Buwhahahah 124 thousand years.
From: Gary Slinger [mailto:gary.slin...@gmail.com]
Sent: Thursday, August 11, 2011 10:45 AM
To: NT System Admin Issues
Subject: Re: Almost, but not quite OT: Passwords
With one special charact
Some of the security thinking I've heard is the unintended consequence of
'complex' alphanumeric passwords that were to thwart brute force/dictionary
remote attacks provides a rich source for the keylogger/social remote attack.
If that data stream has content which is _not_ in the dictionary, m
Buwhahahah 124 thousand years.
From: Gary Slinger [mailto:gary.slin...@gmail.com]
Sent: Thursday, August 11, 2011 10:45 AM
To: NT System Admin Issues
Subject: Re: Almost, but not quite OT: Passwords
With one special character, 15 years. Without it, 4 days. Interesting
With one special character, 15 years. Without it, 4 days. Interesting.
-Original Message-
From: "Martin Blackstone"
Date: Thu, 11 Aug 2011 07:19:59
To: NT System Admin Issues
Reply-To: "NT System Admin Issues"
Subject: RE: Almost, but not quite OT:
Passw
http://www.CarlWebster.com<http://www.carlwebster.com/>
From: Sean Rector [mailto:sean.rec...@vaopera.org]
Sent: Thursday, August 11, 2011 9:33 AM
To: NT System Admin Issues
Subject: RE: Almost, but not quite OT: Passwords
One of mine gave back 5 septillion years. ;)
Sean Rector, MCSE
Fro
ilto:webs...@carlwebster.com>
To:
ntsysadmin@lyris.sunbelt-software.com<mailto:ntsysadmin@lyris.sunbelt-software.com>
Subject: RE: Almost, but not quite OT: Passwords
Date: Thu, 11 Aug 2011 13:43:08 +
I changed my bed linens at the beginning of each semester whether they needed
changing or not.
: Re: Almost, but not quite OT: Passwords
Must be easy compiling dictionary attack files for the admins of that
site. :-)
Sent from my POS BlackBerry wireless device, which may wipe itself at
any moment
From: Shauna Hensala
Date: Thu, 11 Aug 2011 08:15:44
One of mine gave back 5 septillion years. ;)
Sean Rector, MCSE
From: Steven M. Caesare [mailto:scaes...@caesare.com]
Sent: Thursday, August 11, 2011 10:25 AM
To: NT System Admin Issues
Subject: RE: Almost, but not quite OT: Passwords
It would take a desktop PC
About 193 trillion years
ystem Admin Issues"
Subject: RE: Almost, but not quite OT:
Passwords
Have your users go here: http://www.howsecureismypassword.net/
and enter their password to see how long it would take to crack. A fun little
exercise.
Shauna Hensala
From: webs...@carlwebster.com
To: ntsysadmin@lyr
>
> ** **
>
> *From:* Martin Blackstone [mailto:mblackst...@gmail.com]
> *Sent:* Thursday, August 11, 2011 10:20 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Almost, but not quite OT: Passwords
>
> ** **
>
> I got one year.
>
> ** **
&g
t;
> --
>
> From: webs...@carlwebster.com
> To: ntsysadmin@lyris.sunbelt-software.com
> Subject: RE: Almost, but not quite OT: Passwords
> Date: Thu, 11 Aug 2011 13:43:08 +
>
> I changed my bed linens at the beginning of each semester whether
It would take a desktop PC
About 193 trillion years
to hack your password
I'll take it.
-sc
From: Martin Blackstone [mailto:mblackst...@gmail.com]
Sent: Thursday, August 11, 2011 10:20 AM
To: NT System Admin Issues
Subject: RE: Almost, but not quite OT: Passwords
I got one
You can get two months out of them if you turn them inside-out!
From: Daniel Rodriguez [mailto:drod...@gmail.com]
Sent: Thursday, August 11, 2011 9:19 AM
To: NT System Admin Issues
Subject: RE: Almost, but not quite OT: Passwords
Had a youth minister say, "I change my underware o
I got one year.
From: Shauna Hensala [mailto:she...@msn.com]
Sent: Thursday, August 11, 2011 7:16 AM
To: NT System Admin Issues
Subject: RE: Almost, but not quite OT: Passwords
Have your users go here: http://www.howsecureismypassword.net/
and enter their password to see how long it
nt
>
>
>
> On Aug 11, 2011 7:42 AM, Webster > wrote:
> I change my passwords religiously every 7 years.
>
> Carl Webster
> Consultant and Citrix Technology Professional
> http://www.CarlWebster.com<http://www.carlwebster.com/>
Have your users go here: http://www.howsecureismypassword.net/
and enter their password to see how long it would take to crack. A fun little
exercise.
Shauna Hensala
From: webs...@carlwebster.com
To: ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Almost, but not quite OT: Passwords
ust 11, 2011 8:32 AM
To: NT System Admin Issues
Subject: RE: Almost, but not quite OT: Passwords
nice.
Reminds me of an old roommate, "I clean the shower every six months whether it
needs it or not."
Sent from my Palm Pre on the Now Network from Sprint
__
ars.
Carl Webster
Consultant and Citrix Technology Professional
http://www.CarlWebster.com<http://www.carlwebster.com/>
From: Gasper, Rick [mailto:rickgas...@kings.edu]
Subject: RE: Almost, but not quite OT: Passwords
Crap…I now have to change my password again…
From: Jon Harris
[mailto:jk.
I change my passwords religiously every 7 years.
Carl Webster
Consultant and Citrix Technology Professional
http://www.CarlWebster.com<http://www.carlwebster.com/>
From: Gasper, Rick [mailto:rickgas...@kings.edu]
Subject: RE: Almost, but not quite OT: Passwords
Crap...I now have to cha
Crap...I now have to change my password again...
From: Jon Harris [mailto:jk.har...@gmail.com]
Sent: Wednesday, August 10, 2011 6:44 PM
To: NT System Admin Issues
Subject: Re: Almost, but not quite OT: Passwords
If the in-house team ever got a round to it both could be kept happy but using
password using any characters desired.
>
> ** **
>
> *From:* Webster [mailto:webs...@carlwebster.com]
> *Sent:* Wednesday, August 10, 2011 9:17 PM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Almost, but not quite OT: Passwords
>
> ** **
>
> ETrade:
>
> **
I believe the NSA came up with a value of 0.6 eventually, but agree that
it's sound advice.
a
-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: 11 August 2011 02:07
To: NT System Admin Issues
Subject: Re: Almost, but not quite OT: Passwords
On Wed, Aug 10,
ebster.com]
Sent: 10 August 2011 23:11
To: NT System Admin Issues
Subject: RE: Almost, but not quite OT: Passwords
Because the security team and or auditor are simply following a check
list. Complex passwords required - check. My job is done.
Carl Webster
Consultant and Citrix Technology Pr
not quite OT: Passwords
http://xkcd.com/936/#<http://xkcd.com/936/>
Yet, very pertinent.
ASB
http://about.me/Andrew.S.Baker
Harnessing the Advantages of Technology for the SMB market...
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbe
2011 7:22 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: Almost, but not quite OT: Passwords
>
> ** **
>
> I'm not going to argue the point too strongly, but building a short,
> complex password probably requires using a mental template of some sort.
> Per
Thanks for the info.
-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Wednesday, August 10, 2011 8:07 PM
To: NT System Admin Issues
Subject: Re: Almost, but not quite OT: Passwords
On Wed, Aug 10, 2011 at 5:33 PM, Crawford, Scott wrote:
> Interesting. I'd
Buff [mailto:kurt.b...@gmail.com]
Sent: Wednesday, August 10, 2011 7:22 PM
To: NT System Admin Issues
Subject: Re: Almost, but not quite OT: Passwords
I'm not going to argue the point too strongly, but building a short, complex
password probably requires using a mental template of some sort. Pe
bs...@carlwebster.com]<mailto:[mailto:webs...@carlwebster.com]>
Subject: RE: Almost, but not quite OT: Passwords
Most financial sites (many banks and investment sites [Vanguard, eTrade]) do
not allow complex passwords!
Carl Webster
Consultant and Citrix Technology Professional
http
S. Baker
[mailto:asbz...@gmail.com]<mailto:[mailto:asbz...@gmail.com]>
Subject: RE: Almost, but not quite OT: Passwords
And, many apps *still*have limits on password length that hamper passwords
above 10 or 12 characters.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
er [mailto:webs...@carlwebster.com]
Sent: Wednesday, August 10, 2011 5:49 PM
To: NT System Admin Issues
Subject: RE: Almost, but not quite OT: Passwords
Most financial sites (many banks and investment sites [Vanguard, eTrade]) do
not allow complex passwords!
Carl Webster
Consultant and Ci
On Wed, Aug 10, 2011 at 5:33 PM, Crawford, Scott wrote:
> Interesting. I’d like to understand how the bits of entropy are calculated
> though.
As a rule of thumb, English has about one bit of entropy per
character. (It's more complicated than that, of course, and figures
and formulas vary, bu
kra...@zetetic.net<mailto:skra...@zetetic.net>]
> Sent: Wednesday, August 10, 2011 5:06 PM
> To: NT System Admin Issues
> Subject: Re: Almost, but not quite OT: Passwords
>
> It looks like Randall @ xkcd supposes each word in "correct horse battery
> staple" has 11 bits
]
> *Sent:* Wednesday, August 10, 2011 7:23 PM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Almost, but not quite OT: Passwords
>
> ** **
>
>
> And, many apps *still*have limits on password length that hamper passwords
> above 10 or 12 characters.
>
>
August 10, 2011 7:23 PM
To: NT System Admin Issues
Subject: RE: Almost, but not quite OT: Passwords
And, many apps *still*have limits on password length that hamper passwords
above 10 or 12 characters.
-ASB: http://about.me/Andrew.S.Baker
Sent from my Motorola Droid
On Aug 10, 2011 6:10 PM, &q
nal
> > http://www.CarlWebster.com<http://www.carlwebster.com/>
>
> >
> >
> > From: Steve Kradel [mailto:skra...@zetetic.net]
> > Sent: Wednesday, August 10, 2011 5:06 PM
> > To: NT System Admin Issues
> > Subject: Re: Almost, but not quite OT: Passwords
> >
, 2011 5:06 PM
> To: NT System Admin Issues
> Subject: Re: Almost, but not quite OT: Passwords
>
> It looks like Randall @ xkcd supposes each word in "correct horse battery
staple" has 11 bits of entropy, which is to say, the person choosing the
password has a comfortable vocabu
member, but muscle memory makes remembering 8
> character random alphanumeric passwords pretty easy too.
>
> ** **
>
> *From:* Steve Kradel [mailto:skra...@zetetic.net]
> *Sent:* Wednesday, August 10, 2011 5:06 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Almost, but not
esday, August 10, 2011 5:06 PM
To: NT System Admin Issues
Subject: Re: Almost, but not quite OT: Passwords
It looks like Randall @ xkcd supposes each word in "correct horse battery
staple" has 11 bits of entropy, which is to say, the person choosing the
password has a comfortable voc
> --Steve
>>
>>
>> On Wed, Aug 10, 2011 at 5:33 PM, Crawford, Scott
>> wrote:
>>
>>> Interesting. I’d like to understand how the bits of entropy are
>>> calculated though.
>>>
>>>
tand how the bits of entropy are
>> calculated though.
>>
>> ** **
>>
>> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
>> *Sent:* Wednesday, August 10, 2011 4:06 PM
>> *To:* NT System Admin Issues
>> *Subject:* Almost, but not quite OT:
and Citrix Technology Professional
>
> http://www.CarlWebster.com <http://www.carlwebster.com/>
>
> ** **
>
> ** **
>
> *From:* Steve Kradel [mailto:skra...@zetetic.net]
> *Sent:* Wednesday, August 10, 2011 5:06 PM
> *To:* NT System Admin Issues
> *Subject:*
ic.net]
Sent: Wednesday, August 10, 2011 5:06 PM
To: NT System Admin Issues
Subject: Re: Almost, but not quite OT: Passwords
It looks like Randall @ xkcd supposes each word in "correct horse battery
staple" has 11 bits of entropy, which is to say, the person choosing the
password h
On Wed, Aug 10, 2011 at 5:33 PM, Crawford, Scott wrote:
> Interesting. I’d like to understand how the bits of entropy are
> calculated though.
>
> ** **
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Wednesday, August 10, 2011 4:06 PM
>
86 matches
Mail list logo
