Security Basics
Re: Bank Of Montreal Online Security Oct 30 2012 11:55AM
Alexander Meesters (a meesters sansyl com)
i dont think brute-force is the issue here, most likely a attack on such a system would be by sql-injection, once they have the credentials its easy enough to utilize rainbow tables in order to get a useable password.

although its unlikely a bank would use a unsave hashing algorithm like md5 or sha1, the rainbow tables available today for those algorithms are up to 12 characters in length.

IMHO they, and for that matter, everybody are far better off using pass-phrases, for example:"i do not like waffles", or "my 2 grand kids are awesome!"
its both easy memorable and though to crack, and far exceeds any available rainbow table out there!

just my 2 cents,

Alex

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus