Security Basics mailing list archives

Re: Hashing passwords


From: Kai Wirt <u-turn1 () gmx de>
Date: Tue, 12 Jun 2012 20:30:04 +0200

Just also revise enforcing password changing rules (every 30 days) on your site and strong passwords (no less
than 8 characters, special characters, upper case, numbers and symbols), this helps when attackers try brute
forcing, so by the time they crack the password it's no longer in use...

There's an interesting paper on this topic:

http://research.microsoft.com/users/cormac/papers/2009/SoLongAndNoThanks.pdf

In short, most of the password rules employed today are mostly annoying to users and
don't really improve security.
