Security Basics mailing list archives
Re: Password creating Theories
From: ework0 <ework0 () gmail com>
Date: Tue, 15 Nov 2005 15:56:08 -0600
Glenn English wrote:
A better approach is validate the passwords instead of apply methods to generate them. An intruder can find out what's your method and perform selective brute force cracking.On Fri, 2005-11-11 at 16:27 -0500, Jennifer Fountain wrote:I am currently coming up with a new policy to create root/admin passwords for windows and linux boxes and would like to know your thoughts on the methods you use to create them. Thanks for any input!I ask the person who's password is being created to tell me the second line of a favorite song, then use the first letters of the line, using numerals where possible and including any punctuation. It's easy for that person to remember, harder for someone else, and not subject to dictionary attacks.
Let the user choose the passwords following some basic rules, for example, at least 6 characters, combination of numbers and letters, and so on....
Current thread:
- Password creating Theories Jennifer Fountain (Nov 15)
- Re: Password creating Theories Glenn English (Nov 15)
- Re: Password creating Theories ework0 (Nov 16)
- Re: Password creating Theories Glenn English (Nov 16)
- Re: Password creating Theories Chris Umphress (Nov 16)
- Re: Password creating Theories ework0 (Nov 16)
- Re: Password creating Theories Saqib Ali (Nov 15)
- RE: Password creating Theories Jon Gucinski (Nov 16)
- RE: Password creating Theories Adrian Floarea (Nov 16)
- Re: Password creating Theories Jacob Bresciani (Nov 15)
- Re: Password creating Theories Gaddis, Jeremy L. (Nov 16)
- Re: Password creating Theories Ansgar -59cobalt- Wiechers (Nov 16)
- Re: Password creating Theories Justin (Nov 16)
- <Possible follow-ups>
- Re: Password creating Theories Steve.Cummings (Nov 15)
(Thread continues...)
- Re: Password creating Theories Glenn English (Nov 15)