Security Basics mailing list archives

RE: Password creating Theories


From: "Andrew Williams" <Andrew () Syngress com>
Date: Fri, 18 Nov 2005 11:33:44 -0500

Hi David,

The title is "Perfect Passwords: Selection, Protection, Authentication"
http://www.amazon.com/gp/product/1597490415/104-2058717-7732767?v=glance&n=283155&s=books&v=glance

Andrew
 

-----Original Message-----
From: David Fiore [mailto:dfiore.fms () gmail com] 
Sent: Friday, November 18, 2005 11:27 AM
To: dave kleiman; security-basics () securityfocus com
Cc: 'Jennifer Fountain'; Andrew Williams; 'Saqib Ali'
Subject: RE: Password creating Theories

Guys,

What is the Title of the book?  I'd like to purchase it since 
I'm in the same boat that Jennifer is in.

Thanks,

David
( I live for user training :) )



-----Original Message-----
From: dave kleiman [mailto:dave () isecureu com]
Sent: Wednesday, November 16, 2005 2:39 PM
To: security-basics () securityfocus com
Cc: 'Jennifer Fountain'; 'Andrew Williams'; 'Saqib Ali'
Subject: RE: Password creating Theories

Saqib,

I have been tasked with tech-editing the book (with Mark that 
is a fairly easy job).

I feel one of the great benefits to this book is Mark has 
explained things in a way the most novice of users can 
understand. Now there are some chapters that are for the 
Admin type users where he goes into Rainbow tables and such.

However, this is a book to help ease the Admin's job, you as an 
Admin could give this book to your end users and they would 
begin to "see the light" of what you are trying to accomplish 
in a password policy.

Additionally, it may help some of the super-techie Admins 
understand why the end user was not grasping the concept.

An example: 1 of many cool methods Mark uses to show the 
effect of password length, is using the old Bicycle 
Combination locks, you know the old 3 digit ones we all had 
or saw as kids, and how long it would take to crack, as 
opposed to one with just 1 or 2 more digits.  All I can say 
is I spent about 3 hours out in the garage....

It is a fun and excellent book. (Note: I do not get a dime 
for any sales of the book)


Dave






     -----Original Message-----
     From: Andrew Williams [mailto:Andrew () Syngress com]
     Sent: Tuesday, November 15, 2005 16:35
     To: Saqib Ali
     Cc: Jennifer Fountain; security-basics () securityfocus com
     Subject: RE: Password creating Theories

     When I first started discussing the book with the author
     (Mark Burnett), I thought a whole book on the topic seemed
     a bit much as well. But, the more I saw of Mark's
     manuscript, the more intrigued/interested I became in the idea.

     The book is relatively short, 200 pages total. So, we
     realized this couldn't be a door stop. The book is for
     both sys admins/infosec pros as well as users. One of the
     book's primary goals is to provide admins w/ strategies
     and policies they can convey to their users so that users
     will consistently create strong passwords that they can
     actually remember as well.

     It is also kind of a fun read with interesting facts,
     stats, etc.; like the 500 worst passwords of all time, etc.

     Best,
     A

     > -----Original Message-----
     > From: Saqib Ali [mailto:docbook.xml () gmail com]
     > Sent: Tuesday, November 15, 2005 4:18 PM
     > To: Andrew Williams
     > Cc: Jennifer Fountain; security-basics () securityfocus com
     > Subject: Re: Password creating Theories
     >
     > having a whole book dedicated to Password building seems an
     > overkill....
     >
     > who will be the target audience?
     >
     > On 11/15/05, Andrew Williams <Andrew () syngress com> wrote:
     > > We're actually about to publish a book on ideas/strategies for
     > > building passwords and password policies. We have a sample chapter
     > > available on
     >
     > In Peace,
     > Saqib Ali
     > http://www.xml-dev.com/blog/
     > Consensus is good, but informed dictatorship is better.
     >





