Focus on Microsoft
Password complexity - improvement Aug 15 2007 06:14AM
dubaisans dubai (dubaisans gmail com) (5 replies)
RE: Password complexity - improvement Aug 16 2007 01:44PM
Jim Harrison (Jim isatools org)
Re: Password complexity - improvement Aug 15 2007 06:39PM
Ansgar -59cobalt- Wiechers (bugtraq planetcobalt net) (4 replies)
Re: Password complexity - improvement Aug 24 2007 09:53PM
Chris Barber (cmbarber gmail com)
RE: Password complexity - improvement Aug 16 2007 09:00PM
Adrian Marsden (amarsden jvsdet org)
RE: Password complexity - improvement Aug 16 2007 04:32PM
Thor (Hammer of God) (thor hammerofgod com) (2 replies)
Re: Password complexity - improvement Aug 16 2007 09:09PM
Ansgar -59cobalt- Wiechers (bugtraq planetcobalt net)
RE: Password complexity - improvement Aug 16 2007 06:50PM
Devin Ganger (DevinG 3sharp com) (1 replies)
RE: Password complexity - improvement (correction) Aug 17 2007 09:29PM
James D. Stallard (james leafgrove com)
RE: Password complexity - improvement Aug 15 2007 10:53PM
Adrian Marsden (amarsden jvsdet org) (1 replies)
Re: Password complexity - improvement Aug 16 2007 03:39PM
Ansgar -59cobalt- Wiechers (bugtraq planetcobalt net)
On 2007-08-15 Adrian Marsden wrote:
> On Wed 8/15/2007 2:39 PM Ansgar -59cobalt- Wiechers wrote:
>> On 2007-08-15 dubaisans dubai wrote:
>>> Is there a way to improve the password complexity requirements in
>>> Windows 2000/2003 servers
>>>
>>> The default will enforce 3 of the following 4 properties -
>>> Uppercase, smallercase, numbers, special-characters.
>>>
>>> Is there a way to enforce all 4 properties.
>>
>> Enforcing passwords that MUST consist of uppercase letters, lowercase
>> letters, numbers AND special characters reduces the total number of
>> possible passwords, which in consequence has a negative impact on
>> your security.
>
> How?
>
> 26*26*10*(however many special characters you want to allow) > 26*26*10

That's true, but your basic assumption is wrong. I'm not talking about
passwords consisting of uppercase/lowercas letters, digits and special
characters compared to passwords consisting of uppercase/lowercase
letters and digits only. I'm talking about passwords that MUST consist
of uppercase/lowercase letters, digits AND special characters compared
to passwords that may consist of ANY combination of those characters
(even combinations that don't consist of characters from ALL groups).

Regards
Ansgar Wiechers
--
"The Mac OS X kernel should never panic because, when it does, it
seriously inconveniences the user."
--http://developer.apple.com/technotes/tn2004/tn2118.html

[ reply ]
RE: Password complexity - improvement Aug 15 2007 06:12PM
Kunz, Jeffrey T. (JKunz foley com)
SV: Password complexity - improvement Aug 15 2007 05:55PM
Per Thorsheim (putilutt online no)
RE: Password complexity - improvement Aug 15 2007 04:25PM
Bean, John (DSHS) (BeanWj dshs wa gov) (1 replies)
RE: Password complexity - improvement Aug 15 2007 08:44PM
Thor (Hammer of God) (thor hammerofgod com) (1 replies)
RE: Password complexity - improvement Aug 16 2007 05:16PM
James D. Stallard (james leafgrove com) (1 replies)
Re: Password complexity - improvement Aug 16 2007 05:49PM
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa pacbell net)


 

Privacy Statement
Copyright 2010, SecurityFocus