|
Full Disclosure
mailing list archives
Re: Senior M$ member says stop using passwords completely!
From: Frank Knobbe <frank () knobbe us>
Date: Sat, 16 Oct 2004 11:46:45 -0500
On Sat, 2004-10-16 at 09:46, Tim wrote:
Even if this was a new attack, a full rainbow table shouldn't be
possible against a secure hash.
True if the hashes are salted. (with more than one byte please,
otherwise they just use 256 DVDs :)
"Pass-phrase LENGTH, not complexity defeats these attacks."
Not if your hashes are chunked like some (all?) of M$'s. Precomputed
chunks with a good lookup table defeats longer passwords.
It's a nice recommendation of MS to make (to use long passphrases
instead of passwords). But I don't consider 14 chars a "passphrase".
Perhaps they should enable more/all password components to handle much
longer passwords/phrases.
Let me guess, that will all be fixed in Longshot.
Cheers,
Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
 By Date 
By Thread
Current thread:
- RE: Senior M$ member says stop using passwords completely!, (continued)
Re: Senior M$ member says stop using passwords completely! Frank Knobbe (Oct 16)
Re: Senior M$ member says stop using passwords completely! Andrew Farmer (Oct 20)
RE: Senior M$ member says stop using passwords completely! Aviv Raff (Oct 16)
| 
Intro
