On 9/9/05, Peter Parker <peterparker@fastmail.fm> wrote:
Most of the available crackers have option to brute all possible
characters (including whitespaces). We want strong password because we
dont want them to be compromised (by anymeans)
Strong passwords *normally* force users to write them down, and unless
you've exposed a dictionary-attackable service like OWA, don't really
help- since the big risk is local exploitation where those little
yellow notes make all the difference.
Since _most_ of the precomputed tables available for rainbow crack are
generally not one generated with whitespaces so I started using it
regularly in my passwords :D
1. Thanks for helping reduce the keyspace necessary to acquire your
passwords :-P
2. The newest Shmoo tables include the space character.
3. Disabling backwards-compatible hashes and the local storage of
hashes (if possible) will go a lot further than hoping that an
attacker's tables don't have the characters you're using or that the
math doesn't suddenly become easy.
4. OTPs which are well-generated in hardware are generally worth more
than any other scheme for solving the password problem.
Paul
--
www.compuwar.net
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
