Results 1 to 7 of 7

Thread: Microsoft really seems to change its security policy

  1. #1
    Senior Member
    Join Date
    Sep 2001
    Posts
    429

    Microsoft really seems to change its security policy

    Check out this link 4 the proof that m$ is tightning security.

    Click here



    J.

    What was my password again?

  2. #2
    Senior Member
    Join Date
    Sep 2001
    Posts
    310
    Erm... i don't get it?
    script language=\"M$cript\";
    function beginError(bsod) {
    return true; }
    onLoad.windows = beginError;

  3. #3
    Senior Member
    Join Date
    Sep 2001
    Posts
    429
    Your password must be at least 18770 characters and cannot repeat any of your previous 30689 passwords. Please type a different password. Type a password that meets these requirements in both text boxes.
    Could you remember a 18770 char passwd?

    I sure as hell couldn't!


  4. #4
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    Well, I'm gathering that's a bogus error. If it didn't pass the dictionary check, it would return something like "Password is based on a dictionary word" and ask for another. There are a number of reasons why this scheme wouldn't work.

    1: passwords are only authenticated up to a certain length, with the most being 12 (I think). With that said, with good encryption on a *12* character alphanumeric password, it's gonna take a while to break that one. Most *nix boxes still run the usual login, which authenticates on the first 8 characters of the password, regardless of length. I don't know what MS does for this but if it's similar, then passwords greater than 8 won't be authenticated after the 8th character.

    2: storage of a password that length?! Holy shite... Add in the fact that it'd be encrypted and you're storing something greater than 20k chars...riiiiiight. Once again, bogus number.

    I'm guessing someone fat-fingered code at MS (big surprise there) and put in some outrageous numbers. They seem static if they posted the page with the message.

    Just my two cents.
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  5. #5
    Agreed - no one can remember a 18770 character length password - that's damn near impossible. This has to be a mistake on Microsoft's part (what, how could that happen, oh my god! ). Hell, a password with 20 characters would be hard enough to break - and it's partly feasible because I guess users could remember a 20 character password. Well, on second thought, SOME users could remember a 20 character password.
    - Maverick

  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    681
    yeah... the article was saying that "if you get that error... here is how to fix it." it's a bug, not a new security measure. this was all stated in the article.

  7. #7
    Old-Fogey:Addicts founder Terr's Avatar
    Join Date
    Aug 2001
    Location
    Seattle, WA
    Posts
    2,007
    Lol! It looks to me like someone at MIT (or graduated from it) wanted to be funny... There is a reference to MIT in there, I'm not sure if they really mean something other than the university with the same Acronym, but getting that into the knowledge base would be a good "MIT Hack".
    [HvC]Terr: L33T Technical Proficiency

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •