-
September 15th, 2004, 01:23 PM
#1
PassWORD or PassPHRASE?
In a conversation regarding Rainbow Tables on Bugtraq there was a link to a rather interesting article, (Blog), by Robert Hensing, a senior member of Microsoft's Incident Response Team, entitled:-
Why you shouldn't be using passwords of any kind on your Windows networks . . .
It's well worth a read along with some of the responses..... Food for thought.
The article
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
September 15th, 2004, 01:35 PM
#2
I attended a recent Microsoft Security Seminar where they too STRONGLY pushed for the replacement of Passwords with Passphrase. And as the article that Tigershark linked to pointed out, there are a number of good reasons for this.
In the end though, I was unable to convince the management in my company to make the changeover, though I was able to get rid of all the "weak" passwords that MBSA reported. I personally have switched over to passphrases for my own systems and do not find that it is harder to remember OR makes logging in more difficult.
~ I'm NOT insane! I've just been in a bad mood for the last 30 years! ~ Some people are like Slinkys: Not good for anything, but the thought of pushing them down the stairs brings a smile to your face!
-
September 15th, 2004, 03:13 PM
#3
Interesting but not that surprising IMHO. It is already known that the length of a password/phrase is more important than its complexity. This method allows very long passwords that can be easily remembered.
The weakness would seem to be that it uses proper words? I am surprised to see that he didn't recommend using two languages for the phrase. That would certainly strengthen it considerably I would have thought.
Cheers
-
September 15th, 2004, 03:29 PM
#4
I've been using passphrases since I don't know when..
And always recommend users to do so..
Not only is it easier (humans think in sentences, not in signs) also for the above pointed out length of password..
So what's next..
pass limericks, pass poems..
ASCII stupid question, get a stupid ANSI.
When in Russia, pet a PETSCII.
Get your ass over to SLAYRadio the best station for C64 Remixes !
-
September 15th, 2004, 03:31 PM
#5
While he didn't "push" the point he did mention that the use of uppercase and special characters significantly improved the passPHRASE strength, (which is a tad obvious since it increases the character set significantly). He also mentioned that the addition of numbers didn't help password strength, (it's only 10 more characters after all), but IMO, anything helps.
Funny he didn't mention the use of extended ASCII, (though it was mentioned in the follow-ups), since that adds a further 128 to the character set and AFAIK, there isn't a password cracker out there in the public domain that takes the extended ASCII set into consideration. That's the quickest and easiest way to extend brute force time though. Even Rainbow Tables for the entire 255 character set would take months to build and Terabytes of storage making it impractical for the average person to even consider.
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
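The length and character-set arguments made in posts #3 and #5, worked through as an added example (not code from the thread or from the linked article). The class sizes, the 20,000-word dictionary and the sample secrets are assumptions constructed for illustration, and the word model assumes the words were chosen at random.

```python
import math
import string

# Assumed class sizes: 26 lower, 26 upper, 10 digits, 33 symbols (incl. space),
# and 128 "extended ASCII" code points, as counted in the thread.
SYMBOLS = string.punctuation + " "
WORDLIST_SIZE = 20_000  # hypothetical dictionary size an attacker might try


def charset_size(secret: str) -> int:
    """Size of the alphabet a brute-force search must cover for this secret."""
    size = 0
    if any(c in string.ascii_lowercase for c in secret):
        size += 26
    if any(c in string.ascii_uppercase for c in secret):
        size += 26
    if any(c in string.digits for c in secret):
        size += 10
    if any(c in SYMBOLS for c in secret):
        size += len(SYMBOLS)
    if any(ord(c) > 127 for c in secret):
        size += 128
    return size


def brute_force_bits(secret: str) -> float:
    """log2 of the character-by-character search space."""
    size = charset_size(secret)
    return len(secret) * math.log2(size) if size else 0.0


def word_bits(secret: str, wordlist_size: int = WORDLIST_SIZE) -> float:
    """log2 of the search space when whole words are guessed from a dictionary.
    Assumes randomly picked words; a known song line or quote is weaker."""
    return len(secret.split()) * math.log2(wordlist_size)


def effective_bits(secret: str, dictionary_words: bool) -> float:
    """The cheaper of the two searches bounds the real strength."""
    bits = brute_force_bits(secret)
    return min(bits, word_bits(secret)) if dictionary_words else bits


if __name__ == "__main__":
    # Constructed samples: a 9-character mixed-class password and a 5-word phrase.
    for secret, is_words in [("k7#Qm2!xZ", False), ("my dog eats green apples", True)]:
        print(f"{secret!r}: charset={charset_size(secret)} "
              f"brute={brute_force_bits(secret):.1f} bits "
              f"effective={effective_bits(secret, is_words):.1f} bits")
```

Under these assumptions the five-word phrase stays ahead of the nine-character password even when the attacker guesses whole words, and adding digits to a lowercase secret raises the alphabet only from 26 to 36.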
September 15th, 2004, 04:16 PM
#6
We have been using passphrases on our system for a while now. We use them for the more sensitive accounts like the domain administrator account and for service accounts where the password doesn't change and you only need to use it when you set up a new server. I find them much easier to remember than passwords, especially at three in the morning when you really need that f*/-*% password.
"America is the only country that went from barbarism to decadence without civilization in between."
"The reason we are so pleased to find other people's secrets is that it distracts public attention from our own."
Oscar Wilde(1854-1900)
-
September 15th, 2004, 06:42 PM
#7
I recall a thread here, don't recall where, about how to generate a passphrase.
So I take a line from a song [One I like, obviously] and use that, and for the spaces, there I use symbols.
Works for me; and I haven't 'lost' a password since..............
One point re:- spaces:
I did read that using the spacebar in your password/phrase is NOT a good idea, in case someone is watching .......... spacebar makes a distinctive sound ..............
so now I'm in my SIXTIES FFS
WTAF, how did that happen, so no more alterations to the sig, it will remain as is now
Beware of Geeks bearing GIF's
come and waste the day :P at The Taz Zone
-
September 15th, 2004, 07:27 PM
#8
My Hushmail account uses passphrases and this is the first time I have been introduced to them. I find it a lot easier to remember than the other 10 passwords that are floating around in my brain!
There wasn't any paper used here, but millions of electrons were terribly inconvenienced