
Re: Passwords in libranet



Hi Roger:

You are right in saying that if someone wants in they will get in.  The
adage I am most familiar with is that in the battle between warhead and
armor, warhead eventually wins.

However, the main purpose of security is to make getting into your box
take more time and be more trouble than the cracker is willing to spend.

The longer and more complex the password, the harder this becomes.  If
the password can be found in the dictionary, it can be cracked in about
45 seconds.  Making it at least 7 letters and numbers turns the cracking
time to 8 hours.  When you go to 8 special characters and numbers and
letters in random (in other words, not using dictionary words) this time
now moves to a period of days instead of hours.

I have also recently seen a way of using Crack as a distributed process
which pounded the living daylights out of a shadow file and cracked 38
passwords out of a 350 password file in 10 minutes.  That was using 12
900MHz Athlons together.

I personally use words from languages other than the most commonly
spoken in my country, special characters, and numbers for my passwords. 
I am finding that the newer, brute-force crackers don't really care
about dictionary files, but simply use combinations of characters to
crack a file.

Peace, Dennis in Waco

Roger Micone wrote:
> 
> Well, on the other hand, how is that a security weakness?  And choosing
> unguessable non-dictionary passwords is the first line of defense.
> 
> Are there any flavors of unix that do not have this vulnerability?
>
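
An added example, not part of the original message: a small audit helper that sorts a password into the classes the post describes (dictionary word, plain brute-force target, 8+ mixed characters) and sizes the exhaustive search for each. The wordlist and passwords are constructed samples, and the guess rate is an assumed figure, so the resulting times depend entirely on that assumption.

```python
import math
import string

# Constructed sample wordlist; a real audit would load a full dictionary file.
SAMPLE_WORDLIST = frozenset({"password", "dragon", "monkey", "letmein", "sunshine"})
# Assumed guess rate, for illustration only; real rates depend on hash and hardware.
ASSUMED_GUESSES_PER_SEC = 1_000_000

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def charset_size(password):
    """Size of the smallest alphabet an exhaustive search has to cover."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    # Characters outside the four ASCII classes: count each distinct one once,
    # which gives a conservative lower bound.
    size += len({c for c in password if not any(c in cls for cls in CLASSES)})
    return size


def assess(password, wordlist=SAMPLE_WORDLIST, rate=ASSUMED_GUESSES_PER_SEC):
    """Classify a password and size the search needed to guarantee a hit."""
    if not password:
        raise ValueError("empty password")
    if password.lower() in wordlist:
        tier, space = "dictionary", len(wordlist)
    else:
        n = charset_size(password)
        # Exhaustive search tries every string of length 1..len(password).
        space = sum(n ** k for k in range(1, len(password) + 1))
        needed = (string.ascii_letters, string.digits, string.punctuation)
        mixed = all(any(c in cls for c in password) for cls in needed)
        tier = "brute-force-mixed" if mixed and len(password) >= 8 else "brute-force"
    return {"tier": tier, "search_space": space,
            "bits": round(math.log2(space), 1),
            "worst_case_seconds": space // rate}


if __name__ == "__main__":
    for pw in ("dragon", "abc1234", "k7#Qz!2m"):  # constructed samples
        print(pw, assess(pw))
```
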
