Home page logo

basics logo Security Basics mailing list archives

Re: ADS Password Storage Protection
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Sat, 22 Jul 2006 06:42:53 +0200

On 2006-07-20 Roger A. Grimes wrote:
Here is my statement: That password length is a better defender of
passwords than complexity, character for character, and that length
should at least be given equal treatment when creating strong

I agree with the latter of your statement, but the former is plain
wrong. Length and complexity are equivalent, i.e. you can increase
either length or complexity (or both of course) to make a stronger
password. That's pretty obvious if you think about e.g. base64-encoding
a password: the encoding increases the length and decreases the
complexity, but doesn't affect the strength at all. It's due to the
physical limitations of keyboards that it's usually easier to increase
the length than the complexity.

Ansgar Wiechers
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

This list is sponsored by: Norwich University

The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]