On 4/21/06, Christopher Carpenter <ccarpenter@dswa.net> wrote:
That's patently false. The longer the password, the better it will hold
up against brute force attacks. Length and complexity also provide a
measure of protection against those using rainbow tables.
If I remember correctly, the 7 letter issue comes from
networks/machines that have LMAN configured. The LMAN password is
broken into 7 character chunks. So if you have a 8 character password
you will send in the clear or store a 7 character password and a 1
character password. So in this case a longer password does not help
because you are only looking at 7 characters per cipherd bit.
So the answer is if you use LANMAN or equivalent passwords, you are
only getting protection of 7 characters per 'part'. Thats bad..
Friends do not let friends use LANMAN. The other options for passwords
also have their limitations that you need to research before you
implement the one that is best for your environment. (E.G. if you have
NT 3.51 and NT-4.0 boxes.. you are stuck with certain choices.. )
Rainbow Tables (Wikipedia)
http://en.wikipedia.org/wiki/Rainbow_table
Password Recovery Speeds (Lockdown.co.uk)
http://www.thecrypt.co.uk/lockdown/recovery_speeds.html
--
Stephen J Smoogen.
CSIRT/Linux System Administrator
-------------------------------------------------------------------------
This List Sponsored by: Webroot
Don't leave your confidential company and customer records un-protected.
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no
obligation. See why so many companies trust Spy Sweeper Enterprise to
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise
http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------
