[prev in list] [next in list] [prev in thread] [next in thread]
List: focus-ms
Subject: Re: Password complexity - improvement
From: "Chris Barber" <cmbarber () gmail ! com>
Date: 2007-08-24 21:53:03
Message-ID: b5c8f6f70708241453v6c03e54apa58c53f51508bab1 () mail ! gmail ! com
[Download RAW message or body]
You may have reduced the number of usable character combinations in a
fixed character password. But if I simply add the requirement of
having all 4 character types and leave the upper limit open, I have
just increased the keyspace astronomically.
Example
with password length fixed at 7 characters here are some numbers to look at:
Lower case only password has a keyspace of 8,031,810,176
Upper & lower case keyspace = 1,028,071,702,528
Upper, lower case & numbers = 3,521,614,606,208
Upper, lower, number & Special = 75,144,747,810,816
for a 10 Character password
Lower case only password has a keyspace of 141,167,095,653,376
Upper & lower case keyspace = 144,555,105,949,057,000
Upper, lower case & numbers = 839,299,365,868,340,000
Upper, lower, number & Special = 66,483,263,599,150,100,000
So, I do not agree that it is a negative impact on security.
Chris.
On 8/15/07, Ansgar -59cobalt- Wiechers <bugtraq@planetcobalt.net> wrote:
> On 2007-08-15 dubaisans dubai wrote:
> > Is there a way to improve the password complexity requirements in
> > Windows 2000/2003 servers
> >
> > The default will enforce 3 of the following 4 properties - Uppercase,
> > smallercase, numbers, special-characters.
> >
> > Is there a way to enforce all 4 properties.
>
> Enforcing passwords that MUST consist of uppercase letters, lowercase
> letters, numbers AND special characters reduces the total number of
> possible passwords, which in consequence has a negative impact on your
> security.
>
> Regards
> Ansgar Wiechers
> --
> "All vulnerabilities deserve a public fear period prior to patches
> becoming available."
> --Jason Coombs on Bugtraq
>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic