Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: RE: ADS Password Storage Protection

from [winshel] Network Security [Permanent Link]
Subject: Re: RE: ADS Password Storage Protection
Date: 15 Jul 2006 04:24:34 -0000 
I've read and heard many sources say this same thing, i.e., that, for windows 
systems, length is stronger than short and complex.  And that a 15 character or 
longer password can be a real phrase and it will be a secure password.

I can see why a long password that consists of a real phrase - such as 
"frankly, my dear, I don't give a damn" - would be just as secure as an equally 
long complex password, in terms of protection against a brute force attack.

I don't know much about password cracking programs but am surprised that, while 
they would be working  on a brute force attack, they wouldn't be able to try a 
lot of commonly-used phrases at the same time.

If some password cracking programs can use a dictionary attack, couldn't there 
also be something called a passphrase attack?  Would it be difficult for a 
password cracker to digitize Bartlett's Book of Quotations and include that in 
an attack on a password? 

---------------------------------------------------------------------------
This list is sponsored by: SensePost

Hacking, like any art, will take years of dedicated study and  
practice to master. We can't teach you to hack. But we can teach you  
what we've learned so far. Our courses are honest, real, technical  
and practical. SensePost willl be at Black Hat Vegas in July. To see  
what we're about, visit us at: 

http://www.sensepost.com/training.html
---------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: ADS Password Storage Protection, Neil
Next by Date:  Re: Wake-On-LAN security, Hylton Conacher(ZR1HPC)
Previous by Thread:  Re: ADS Password Storage Protection, Eoin Miller
Next by Thread:  Re: ADS Password Storage Protection, ab
Indexes:  [Date] [Thread] [Top] [All Lists]