Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Re: RE: ADS Password Storage Protection

from [Pranav Lal] Network Security [Permanent Link]
Subject: RE: Re: RE: ADS Password Storage Protection
Date: Tue, 18 Jul 2006 22:12:51 +0530 
Hi all,

Since we are discussing passwords, has anyone tried dice where?
http://www.diceware.com

Pranav 

-----Original Message-----
From: eric.baechle@dhs.gov [mailto:eric.baechle@dhs.gov] 
Sent: Tuesday, July 18, 2006 1:25 AM
To: security-basics@securityfocus.com
Subject: Re: Re: RE: ADS Password Storage Protection

Winshel;


Actually, a passphrase is not as secure as a random password.  As you
probably have heard, "Don't use dictionary words" over and over again.  Even
compound dictionary words are bad, ie: "firedogdalmation".  Compounding
dictionary words with spaces, punctuation, and even gramatically correct
modifiers in between is really no different than without.  It's a very
simple substitution to try; "firedogdalmation" and then try "fire dog
dalmation", "Fire Dog Dalmation", "Dalmation the Fire Dog", etc.


Using compound dictionary words could come back to bite you very quickly,
even when used in long phrases.


Sincerely,


Eric Baechle, CISSP/ISSEP, etc.

Senior INFOSEC/OPSEC Engineer

Department of Homeland Security

---------------------------------------------------------------------------
This list is sponsored by: SensePost

Hacking, like any art, will take years of dedicated study and  
practice to master. We can't teach you to hack. But we can teach you  
what we've learned so far. Our courses are honest, real, technical  
and practical. SensePost willl be at Black Hat Vegas in July. To see  
what we're about, visit us at: 

http://www.sensepost.com/training.html
---------------------------------------------------------------------------


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: ADS Password Storage Protection, Roger A. Grimes
Next by Date:  RE: Re: RE: ADS Password Storage Protection, Baechle, Eric
Previous by Thread:  Re: Re: RE: ADS Password Storage Protection, Gregory Rubin
Next by Thread:  Re: Re: Re: RE: ADS Password Storage Protection, winshel
Indexes:  [Date] [Thread] [Top] [All Lists]