Date: Wed, 19 Jun 2002 15:47:36 -0600 (CST) From: Ryan Thompson <ryan@sasknow.com> To: Eric F Crist <ecrist@adtechintegrated.com> Cc: freebsd-security@FreeBSD.ORG Subject: RE: Password security Message-ID: <20020619153600.U32240-100000@ren.sasknow.com> In-Reply-To: <002101c217a7$e3c28ab0$77fe180c@armageddon>
next in thread | previous in thread | raw e-mail | index | archive | help
Eric F Crist wrote to 'Ryan Thompson': > Just curious, what kinds of things are you trying to secure that the > basic password system hasn't worked for you? Enough valuable company data to *not* trust staff passwords with an effective 20-30 bits of entropy. :-) Even most "well-chosen" passwords that can be remembered have very limited entropy. (With the exception of good approaches like that suggested by Bill M). The point of my original post (which is being rather clouded by some of these very interesting replies :-) was to do a little (or a lot) better than the passwords that users typically pick, with the use of a human-readable generated token system, as opposed to simply remembering a shared secret that can be broken with a dictionary attack plus brute force in a matter of hours. > I personally have done work for people like the Minnesota Dept of > Agriculture in this area for building and network security, and it > has worked wonderfully for the last 4 years. Just curiousity on my > part. ;) Understood :-) - Ryan -- Ryan Thompson <ryan@sasknow.com> SaskNow Technologies - http://www.sasknow.com 901 1st Avenue North - Saskatoon, SK - S7K 1Y4 Tel: 306-664-3600 Fax: 306-664-3630 Saskatoon Toll-Free: 877-727-5669 (877-SASKNOW) North America To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020619153600.U32240-100000>