-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Fri, 16 Sep 2005, Paul Robertson wrote:
On 9/9/05, Peter Parker <peterparker@fastmail.fm> wrote:
Most of the available crackers have option to brute all possible
characters (including whitespaces). We want strong password because we
dont want them to be compromised (by anymeans)
Strong passwords *normally* force users to write them down, and unless
you've exposed a dictionary-attackable service like OWA, don't really
help- since the big risk is local exploitation where those little
yellow notes make all the difference.
We've found additionally, short expiry times can also make this reverting
to postit passes also happen with greater frequency, as well as having
multiple passwd's for various systems...great case for OTP.
Thanks,
Ron DuFresne
- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629
...We waste time looking for the perfect lover
instead of creating the perfect love.
-Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFDLiFSst+vzJSwZikRAqckAJ9xRTOR22uWjk7ygN9PC7etGH+jfwCfajfD
N1GTLUlallfY7v7UF+y6LFM=
=yKYt
-----END PGP SIGNATURE-----
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
