Firewall Wizards
mailing list archives
RE: strong passwords (was Radius/MS ISA stuff)
From: "Behm, Jeffrey L." <BehmJL () bvsg com>
Date: Tue, 9 Jul 2002 07:06:13 -0500
From: George W. Capehart [mailto:capegeo () opengroup org]
Sent: Monday, July 08, 2002 9:28 PM
Daniel Djundjek wrote:
Think of it this way. Most PIN numbers for banks to take money out of an electronic teller are 4 digits, and I can't remember the last time I was forced to change this PIN code...
Daniel,
There is a *very* *important* distinction between a password and a PIN that is used *in conjunction with* an ATM card.
<snip>
look for suspicious activity. So, even though, on the surface, a PIN may look like a very weak password, it's not. It is one factor of a dual-factor authentication mechanism that is only one component of a multi-component security/risk management/fraud management system.
Contrast this with a password-only authentication mechanism that protects, say, NT, Unix, SQL Server or Oracle. I can start a dictionary attack against the password file and then go out to dinner, a movie, drinks, come back home, go to bed, sleep well all night, get up the next morning, go to work . . . while crack is working. I get an email when it's through . . . You get the picture.
I don't disagree overall, but you glossed over "how" one acquires the passwd file.
If one already has access to the passwd file, then one has already completed the hard part.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
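The point Capehart makes above is that a 4-digit PIN is acceptable only because the verifier sits between the guesser and the secret: every attempt must go through the bank, which counts failures, locks the card and logs the activity for fraud review, whereas a copied password file can be attacked offline with no counter at all. The following is an added illustration written for this archive page, not code from any list member or from any bank system. It is a toy PIN verifier with per-card lockout and an audit log, plus two small helpers that quantify the attacker's coverage of the keyspace under each model. All names (`PinAuthenticator`, `count_evaluated_guesses`, `online_fraction`, `offline_fraction`), the card identifiers and the PIN values are constructed for the example, and the PBKDF2 iteration count is kept low purely so the demonstration runs quickly.

```python
import hashlib
import hmac
import os


class PinAuthenticator:
    """Toy ATM-style verifier (constructed example): card ID + PIN, with a
    per-card failure counter, lockout, and an audit trail for fraud review."""

    def __init__(self, max_failures=3, iterations=10_000):
        self.max_failures = max_failures
        self.iterations = iterations          # low for the demo; real systems use far more
        self.accounts = {}                    # card_id -> salt, hash, failures, locked
        self.audit = []                       # (event, card_id) tuples, oldest first

    def _hash(self, pin, salt):
        # Salted, iterated hash so the stored value cannot be reversed cheaply.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, self.iterations)

    def enroll(self, card_id, pin):
        salt = os.urandom(16)
        self.accounts[card_id] = {
            "salt": salt,
            "hash": self._hash(pin, salt),
            "failures": 0,
            "locked": False,
        }

    def verify(self, card_id, pin):
        """Return True only for the correct PIN on an unlocked card.
        Wrong guesses are counted; reaching max_failures locks the card."""
        acct = self.accounts.get(card_id)
        if acct is None:
            return False
        if acct["locked"]:
            # The secret is never even evaluated once the card is locked.
            self.audit.append(("rejected_locked", card_id))
            return False
        ok = hmac.compare_digest(self._hash(pin, acct["salt"]), acct["hash"])
        if ok:
            acct["failures"] = 0             # a good login resets the counter
            self.audit.append(("success", card_id))
            return True
        acct["failures"] += 1
        if acct["failures"] >= self.max_failures:
            acct["locked"] = True
            self.audit.append(("locked", card_id))
        else:
            self.audit.append(("failure", card_id))
        return False


def count_evaluated_guesses(auth, card_id, candidates):
    """Defender-side control test: feed candidate PINs through the verifier and
    count how many it actually evaluated before the lockout stopped the rest."""
    evaluated = 0
    for pin in candidates:
        before = len(auth.audit)
        ok = auth.verify(card_id, pin)
        event = auth.audit[-1][0] if len(auth.audit) > before else None
        if event == "rejected_locked":
            break                             # lockout engaged; nothing more is checked
        evaluated += 1
        if ok:
            break
    return evaluated


def online_fraction(keyspace, max_failures):
    """Fraction of the PIN space a guesser can test per card when every attempt
    goes through a verifier that locks after max_failures wrong tries."""
    return max_failures / keyspace


def offline_fraction(keyspace, guesses_per_second, seconds):
    """Fraction of the space covered when guessing against a copied hash with
    no verifier in the loop: bounded only by hardware speed and time."""
    return min(1.0, guesses_per_second * seconds / keyspace)


if __name__ == "__main__":
    auth = PinAuthenticator(max_failures=3)
    auth.enroll("card-0001", "4821")          # constructed sample card and PIN
    print("online coverage per card:", online_fraction(10_000, 3))
    print("offline coverage, 1k/s for a minute:", offline_fraction(10_000, 1_000, 60))
    print("guesses evaluated before lockout:",
          count_evaluated_guesses(auth, "card-0001", ["0000", "1111", "2222", "3333"]))
    print("audit trail:", auth.audit)
```

The lockout is what makes the 4-digit space defensible: with three tries per card the verifier evaluates 0.03% of the space and then refuses everything, and each failure and lock event lands in the audit list where a fraud team can see it. The `offline_fraction` helper shows the other side of Capehart's argument: once the hashed secret is in the attacker's hands, even a modest guess rate exhausts the same space in seconds, which is also why Behm's reply stresses that obtaining the password file is the hard part.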