Network Security Security-Basics

Re: Password Cracking

Subject: Re: Password Cracking
Date: Wed, 15 Sep 2004 21:09:23 -0400
<snip>
I am calling this vulnerability Strong Passwords but Weak Systems.
</snip>

A good variation on this kind of attack is the slew of recent phishing 
attempts hitting your inbox on a regular basis. This and other forms of 
social engineering make password complexity irrelevant.

This is another good example of why it is not a good idea to rely on passwords 
for authentication. As a general practice, I try to keep password 
authentication as a last resort solution. Asymmetric cryptography (pub/priv 
keypairs) is my usual preferred solution, although skey, and other forms of 
biometrics are other alternatives that can sometimes be more appropriate 
depending on your situation. My philosophy is that if it relies on passwords 
for authentication, it's getting wrapped inside a VPN tunnel with better 
authentication mechanisms.

-- 
Miles Stevenson
miles@mstevenson.org
PGP FP: 035F 7D40 44A9 28FA 7453 BDF4 329F 889D 767D 2F63
