[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Password

To: Ron Chmara <ron@opus1.com>
Subject: Re: Password
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Wed, 15 Nov 2000 14:10:13 -0800
Cc: Cristiano Fujii <cristiano@veritel.com.br>, LDAP-General <openldap-general@OpenLDAP.org>
In-reply-to: <3A12FDB4.D5B2F218@opus1.com>
References: <3A12C432.F02D2625@veritel.com.br>

At 02:18 PM 11/15/00 -0700, Ron Chmara wrote:
>An easy password can be broken in minutes to hours. A complex password
>(say, 25 random characters) may take days to years.

Please note that the exhaustive search of the key space
of a traditional UNIX crypt(3) password can generally be
obtained in less than a day on a modern computer.  This
is due to restrictions upon the key space (password length,
characters allowed, etc.) and the algorithm used (which
is DES based, but handicapped in a number of ways).

I have two points to make:
  1) use a stronger password scheme such as {SSHA}
  2) protect values as if they were clear text passwords

Kurt

References:
- Password
  - From: Cristiano Fujii <cristiano@veritel.com.br>
- Re: Password
  - From: Ron Chmara <ron@opus1.com>

Prev by Date: Re: Password
Next by Date: Best way?
Index(es):
- Chronological
- Thread