On Monday 03 July 2006 17:37, Jeff Simmons wrote:
A client is setting up a password policy, and would like to
prevent users
from reusing a password for a period of time (four changes ninety
days
apart). Is there a way to do this, either within the OS or via a
program in
ports? I've been look
er passwords. We are currently working on one that will
handle 13 character strings and hope to have it running by the end of
the year.
Just don't want people to think that they are safe as is not an NP-
complete problem. It is an NP-hard problem however.
CU
Chet Uber
Presiden
problem above is above our
financial capacity or need. We mainly deal with the issues related to
login() and the use of MD5.
If your adversary is the NSA I would not rest assured that it can't
already happen.
CU
Chet Uber
President and Principal Scientist
SecurityPosture, Inc.
3718 N
Not to bicker, but the resources needed to use a database of all
possible passwords even with alphanumerics and salted is very finite
-- albeit large.
OpenBSD's blowfish passwords have 128-bits of salt. A table of all 8
character (lower-case only) alphanumeric passwords would require
2^128 *
Theo,
Also the last I checked obsd still supports MD5
CU
Chet Uber
President and Principal Scientist
SecurityPosture, Inc.
3718 N 113th Plaza, Omaha, NE 68164
vox +1 (402) 505-9684 | fax +1 (402) 932-2130 | cell (402) 813-3211
[EMAIL PROTECTED] | www.securityposture.com
On Jul 4, 2006, at 3:00 AM, Gilles Chehade wrote:
Chet Uber wrote:
Theo,
Also the last I checked obsd still supports MD5
CU
Can you please explain why it should not ?
Can you please find a collision for 3d16b4f76338838044b90ffae5e71cb5 ?
1. No, but you can certainly find the numerous
en pro-active advocacy of new
protocols to deprecate old ones, and removal of a key feature upon
which many tools and protocols are still relying.
You have a valid point and again as I have gotten off topic I am
going to "tap out".
CU
Chet Uber
President and Principal Scientist
ngs under < $50
CU
Chet Uber
President and Chief Scientist
SecurityPosture, Inc.
3718 N 113 Plaza, Omaha, NE 68164
vox +1 (402) 505-9684 | fax +1 (402) 932-2130 | cell (402) 813-3211
-- This communication is confidential to the parties it was intended
to serve --
ng love to share.
They seem open to putting together an OpenBSD-supported SKU and
making it orderable from the web site (I'll strongly recommend
including
an official CD set with each order). Anything else I should ask
about?
I am just a user and not a developer of obsd, but Go, F
Our firm may have the bandwidth, but I have to check with operations.
Will reply in full on Monday. We use obsd somewhere in most of our
client and our own networks and are very interested in issues related
to virtualization.
CU
Chet Uber
President and Chief Scientist
SecurityPosture, Inc
10 matches
Mail list logo
