Home page logo
/

basics logo Security Basics mailing list archives

RE: Re: Re: RE: ADS Password Storage Protection
From: "dave kleiman" <dave () davekleiman com>
Date: Tue, 18 Jul 2006 13:16:53 -0400

Winshel,


That would be because after 14 characters there is no LM hash store of the
password on a windows system.

Some excellent resources for discussions on good password polices and ideas:
http://www.securityfocus.com/archive/88/312263

5-Minute Security Advisor - Choosing a Good Password Policy:
http://www.microsoft.com/technet/archive/community/columns/security/5min/5mi
n-302.mspx

Frequently Asked Questions About Passwords:
http://www.microsoft.com/technet/community/columns/secmgmt/sm1005.mspx

The Great Debates: Pass Phrases vs. Passwords:
http://www.microsoft.com/technet/community/columns/secmgmt/sm1004.mspx
http://www.microsoft.com/technet/community/columns/secmgmt/sm1104.mspx
http://www.microsoft.com/technet/community/columns/secmgmt/sm1204.mspx

And:
http://www.syngress.com/catalog/?pid=3420
http://www.castlecops.com/a5842-Passwords_Staying_Safe.html




Dave





 
   -----Original Message-----
    From: winshel () camden rutgers edu 
    [mailto:winshel () camden rutgers edu] 
    Sent: Monday, July 17, 2006 23:49
    To: security-basics () securityfocus com
    Subject: Re: Re: Re: RE: ADS Password Storage Protection
    
    Thanks for the comment.  I'm still unclear - if I'm not 
    mischaraterizing the situation - why there seems to be a 
    lot of support for the idea that a 15 character windows 
    passphrase can be a real phrase and be very secure.  Do you 
    think there is - or will be in the near future - a 
    passphrase attack?    Is there such a thing as a "strong 
    passphrase?"
   


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]