Firewall Wizards mailing list archives

Re: Radius access from provider to internal MS ISA Server
From: "Kyle R. Hofmann" <krh () lemniscate net>
Date: Fri, 05 Jul 2002 14:29:59 -0700

On Fri, 05 Jul 2002 11:53:54 -0400, Paul Robertson wrote:
> > your Radius box is giving the challenges then as long as they're "unique
> > in space and time" and not predictable then you're probably safe from
> > everything but a password guessing attack (modulo MD5 attacks). In other
> > words, use good passwords - but you probably didn't need to be told
> > that.
>
> IMO, strong passwords are dead- dictionaries are too good now, if you're
> using reusable passwords, you should assume compromised credentials at
> some level, especially if a third party gets to participate.

Dictionaries are only too good if you use them to find your passwords.
What's wrong with using a random device and a Perl script?:

$ uname
OpenBSD
$ perl -we 'open(RND, "/dev/arandom");read(RND,$x,15);@x=split //,$x;for(@x){next if(ord($_)>189);print chr((ord($_)%95)+32);}print "\n";'
O6G2c}S#@|TS &
$

Try finding O6G2c}S#@|TS in a dictionary.  And if you can't remember it,
write it down on a slip of paper and put it in your wallet.

-- 
Kyle R. Hofmann <krh () lemniscate net>
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
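
The same approach in Python, as an added example that is not part of the original post: bytes from the OS random device are mapped onto the 95 printable ASCII characters with out-of-range bytes rejected, and the output length is fixed instead of depending on how many bytes were skipped. The names `generate_password`, `rejection_limit` and `entropy_bits`, the injectable `rng` parameter and the default length of 12 are assumptions of this example.

```python
import math
import os

# Printable ASCII, space (32) through tilde (126): 95 symbols, DEL excluded.
ALPHABET = bytes(range(32, 127)).decode("ascii")


def rejection_limit(alphabet_size):
    """Largest multiple of alphabet_size that is <= 256.

    Bytes at or above this value are discarded so that `byte % size`
    is uniform over the alphabet (no modulo bias).
    """
    if not 1 <= alphabet_size <= 256:
        raise ValueError("alphabet must have between 1 and 256 symbols")
    return 256 - (256 % alphabet_size)


def generate_password(length=12, alphabet=ALPHABET, rng=os.urandom):
    """Return exactly `length` characters drawn uniformly from `alphabet`.

    `rng` is any callable returning n random bytes; os.urandom reads the
    kernel CSPRNG. It is a parameter only so tests can inject fixed bytes.
    """
    if length < 1:
        raise ValueError("length must be positive")
    limit = rejection_limit(len(alphabet))
    chars = []
    while len(chars) < length:
        for byte in rng(length):
            if byte >= limit:          # rejected: would skew the distribution
                continue
            chars.append(alphabet[byte % len(alphabet)])
            if len(chars) == length:   # fixed length, unlike a single pass
                break
    return "".join(chars)


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(generate_password())
    print(f"{entropy_bits(12, len(ALPHABET)):.1f} bits")
```

A 12-character password over this alphabet carries about 78.8 bits of entropy, which is the property that keeps it out of any dictionary.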

