LISTSERV - HP3000-L Archives

HP3000-L Archives

February 2006, Week 2

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L February 2006, Week 2

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: passwords
From:	Art Bahrs <[log in to unmask]>
Reply To:	[log in to unmask][log in to unmask], 12 Feb 2006 13:19:59 +0000300_- I think Kent is using Jumbo datasets not LFDS. His company has been on Amisys for many years and would have a difficult if not impossible task of converting Jumbo datasets to Large File Data Sets. Kent, please let me know if I am wrong since I have not seen your data in several years. [...]40_12Feb200613:19:[log in to unmask]
Date:	Wed, 8 Feb 2006 14:49:33 -0800
Content-Type:	text/plain
Parts/Attachments:	text/plain (81 lines)

Hi Greg :)
     Check out the CISSP Prep Guide by Ron Kurtz (sp) (white cover with
weird checkerboard like pattern of colors) for some of the math you are
asking about...

     Short answer ... yes, If I know you require no less than 7 characters
and no more than 8 characters ... then I won't launch an attack at you
using 4 character passwords... much quicker...

     Better answer: No time difference because your system should lock any
and all accesses out after no more than 3 missed authentication attempts
and should alert your pager via the method of your choice if your threshold
for failed attempts by bad user name is exceeded.

    <Plug Alert>
     Counterpane Internet Solutions can do this very well... for a price...
and yes we do use them... you will find our Chief Information Security
Officer quoted all over their website!   And other than a good conference,
a baseball hat (good for us bald guys! hehe) and a tee-shirt no influencing
agents have been applied hehehe
    <Plug Alert Off>

Art "just a thot or two " Bahrs
=======================================================
Art Bahrs, CISSP           Information Security          The Regence Group
(503) 225-4992              FAX (503) 220-3806


                                                                           
                "Greg Stigers"                                             
                <gregstigers@S                                             
                PAMCOP.NET>                                             To 
                Sent by:               [log in to unmask]              
                "HP-3000                                                cc 
                Systems                                                    
                Discussion"                                        Subject 
                <HP3000-L@RAVE         Re: [HP3000-L] passwords            
                N.UTC.EDU>                                                 
                                                                           
                                                                           
                02/08/2006                                                 
                01:04 PM                                                   
                                                                           
                                                                           
                Please respond                                             
                      to                                                   
                "Greg Stigers"                                             
                <gregstigers@s                                             
                 pamcop.net>                                               
                |------------|                                             
                | [ ] Secure |                                             
                |     E-mail |                                             
                |------------|                                             
                                                                           




<<<< snip >>>>

I suspect that finding out a company's password complexity requirements
cuts
the time to brute force dramatically, by allowing one to not test for
simple
passwords. I have no idea how to work out the math on that one.

Greg Stigers

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *




 =============================================================================
IMPORTANT NOTICE: This communication, including any attachment, contains information that may be confidential or privileged, and is intended solely for the entity or individual to whom it is addressed.  If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message is strictly prohibited.  Nothing in this email, including any attachment, is intended to be a legally binding signature.
 =============================================================================

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2

RAVEN.UTC.EDU