On Sat, 2004-10-16 at 09:46, Tim wrote: > Even if this was a new attack, a full rainbow table shouldn't be > possible against a secure hash. True if the hashes are salted. (with more than one byte please, otherwise they just use 256 DVDs :) > "Pass-phrase LENGTH, not complexity defeats these attacks." > > Not if your hashes are chunked like some (all?) of M$'s. Precomputed > chunks with a good lookup table defeats longer passwords. It's a nice recommendation of MS to make (to use long passphrases instead of passwords). But I don't consider 14 chars a "passphrase". Perhaps they should enable more/all password components to handle much longer passwords/phrases. Let me guess, that will all be fixed in Longshot. Cheers, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part