RE: IPSec with Preshared secret warning.

Why bother with a VPN?  Anyone that uses secrets like that deserves it....
I tend to use 20ish character secrets when I need to use them, mixed with
all the fun character switching tricks.  Encryption's there for a reason.

-Shawn

-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CIT1.1
38000 Hills Tech Drive
Farmington Hills, MI  48331
(248) 553-1164 (P)     (248) 848-2855 (F)
shawn.quillman@xxxxxxxxxxxx


-----Original Message-----
From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
Sent: Monday, May 05, 2003 7:54 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: IPSec with Preshared secret warning.


http://www.ISAserver.org


> to figure that one out)l. But seriously, I would be interesting to know
> how long it would take to crack a key that was more than 8 characters,
> that had both upper and lower case letters, numbers and symbols in it,
> that didn't use the @ for the letter A :-)

I think that is the point. You would be surprised at some of the preshared
secrets in use:

12345678
87654321
password
secret
(companyname)
etc.

Their ultimate recommendation for risk mitigation would be in using a
preshared secret of more than 8 characters, upper and lower case, number and
letters and symbols.


John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com




------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


Other related posts: