[windows2000] Re: Complex or long passwords?

  • From: Chris Berry <chris_berry-list-windows2000@xxxxxxxxxxxxxxxxx>
  • To: windows2000@xxxxxxxxxxxxx
  • Date: Wed, 08 Dec 2004 18:09:34 -0800

Well it depends on how exposed the login is to the outside world. In any situation where an attacker would have an opportunity to make a brute force attempt remotely before breaking into your system, you'll need to use complex passwords as modern password crackers can bust dictionary word strings in almost no time flat. Even using NTLMv2 a password like library_manager_today could be cracked by LC4 in under 9 seconds. We do use passphrases for some things, but usually only stuff where you would already have to be logged in as a valid user anyways.

Chris Berry
Systems Administrator
JM Associates & Coast Business Service

"The measure of success is not whether you have a tough problem to deal with, but whether it's the same problem you had last year. -John Foster Dulles"

Sorin Srbu wrote:

What's the consensus on this list on easy-to-remember long
passphrases vs short, but complex passwords?

There was a lot of talk about this on the last TechEd Europe, but
AFAICT, there wasn't ever a consensus, not the keynotes I was on at



Sorin Srbu, Systems Engineer            Web: http://www.farmfak.uu.se/organisk/
Dept of Medicinal Chemistry,            Phone: +46 (0)18-4714482 >> 3 signals 
>> GSM
Div of Org Pharm Chem,          Mobile Phone: +46 (0)701-718023
Box 574, Uppsala University,            Fax: +46 (0)18-4714474
SE-751 23 Uppsala, Sweden               Visit: BMC, Husargatan 3, D5:512b

Public PGP key available on request.

() ASCII ribbon campaign - Against html E-mail /\

Harmless tagline follows:

BOFH excuse follows: Electromagnetic energy loss

This Weeks Sponsor StressedPuppy.com Games
Feeling stressed out? Check out our games to
relieve your stress.
To Unsubscribe, set digest or vacation
mode or view archives use the below link.


Other related posts: