Home page logo

basics logo Security Basics mailing list archives

Re: RE: ADS Password Storage Protection
From: winshel () camden rutgers edu
Date: 15 Jul 2006 04:24:34 -0000

I've read and heard many sources say this same thing, i.e., that, for windows systems, length is stronger than short 
and complex.  And that a 15 character or longer password can be a real phrase and it will be a secure password.

I can see why a long password that consists of a real phrase - such as "frankly, my dear, I don't give a damn" - would 
be just as secure as an equally long complex password, in terms of protection against a brute force attack.

I don't know much about password cracking programs but am surprised that, while they would be working  on a brute force 
attack, they wouldn't be able to try a lot of commonly-used phrases at the same time.

If some password cracking programs can use a dictionary attack, couldn't there also be something called a passphrase 
attack?  Would it be difficult for a password cracker to digitize Bartlett's Book of Quotations and include that in an 
attack on a password? 

This list is sponsored by: SensePost

Hacking, like any art, will take years of dedicated study and  
practice to master. We can't teach you to hack. But we can teach you  
what we've learned so far. Our courses are honest, real, technical  
and practical. SensePost willl be at Black Hat Vegas in July. To see  
what we're about, visit us at: 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]