Re: US Military bans HTML in emails
- From: "AEF" <spamsink2001@xxxxxxxxx>
- Date: 3 Jan 2007 05:50:40 -0800
Arne Vajhøj wrote:
AEF wrote:
Arne Vajhøj wrote:
David J Dachtera wrote:
Bill Gunshannon wrote:
Not in the real world. Good enough doesn't cut it when someone higher
than you says, "The corporate standard is MS Word."
...until the(ir next) multi-billion-dollar outage due to malware. Then, the
higher-ups face turn-over while the worker bees burn the midnight oil to clean
up the mess.
There were some real bad incidents 3-5 years ago.
No move from Windows then.
Now the MIS departments have tightened security.
You mean like requiring 6-character passwords to now be "complex"?
Yeah, that'll stop 'em!!! ;-)
OK, maybe they're actually doing some more useful things.
More as in:
min 8 characters
min 1 uppercase
min 1 lowercase
min 1 digit
min 1 punctuation
Or as in email scanners that remove all EXE, BAT etc. from attached
ZIP files in inbound email.
Arne
It turns out that you get a lot more bang for the buck by requiring
longer passwords. Complex passwords are not that much harder to crack.
Most characters will be lowercase. Punctuation will almost certainly be
limited to periods, hyphens, and commas. This greatly reduces the total
number of possible combinations compared to a random character for each
character. Hackers already know this trick.
If you sit down and calculate it, you'll find that complex passwords
aren't worth the trouble (I'll post some numerical examples later when
I have more time). Some say that users will write down passwords
anyway. (So why lock your door? Burglars will get in anyway!) I say
*more* users will write down complex passwords and they'll hate it a
lot more than adding a few characters to the minimum length. You'll
probably also get more help desk calls for complex-password resets.
Here's an article from InfoWorld (I can't find the original articles
right now; I'll post them later).
http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&A=/article/06/11/10/46OPsecadvise_1.html
I've seen passwords with zeros for O's and 3's for E's. What hacker
could break through this fortress of security? Trying zeros for O's and
3's for E's? What hacker would ever think of that? This is like a mild speed
bump, whereas increasing the length a few characters is more like a huge
mountain. It's like putting your wallet in the toe of your sneaker as
you go into the water at the beach. Yes, it increases the total
possible number of passwords, but not by much. See the link I provided
for more detail.
AEF
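Added example (not part of AEF's post or the thread): a count of the search space for the 8-character policy quoted above, comparing a fully random compliant password, a habitual one, and random all-lowercase passwords of greater length. The habitual model (exactly one uppercase letter, one digit and one of three punctuation marks) and all function names are assumptions made for this illustration.

```python
from itertools import combinations
from math import log2

LOWER, UPPER, DIGIT = 26, 26, 10
PUNCT_ALL = 32     # printable ASCII punctuation marks
PUNCT_COMMON = 3   # assumption taken from the post: periods, hyphens, commas


def uniform_space(length, alphabet):
    """Every position drawn independently from `alphabet` symbols."""
    return alphabet ** length


def policy_space(length, class_sizes):
    """Strings containing at least one character from every class,
    counted by inclusion-exclusion over the classes that are absent."""
    total = sum(class_sizes)
    count = 0
    for k in range(len(class_sizes) + 1):
        for absent in combinations(class_sizes, k):
            count += (-1) ** k * (total - sum(absent)) ** length
    return count


def habitual_space(length, punct=PUNCT_COMMON):
    """Assumed user habit: lowercase except exactly one uppercase letter,
    one digit and one punctuation mark, each at any position."""
    positions = length * (length - 1) * (length - 2)
    return positions * UPPER * DIGIT * punct * LOWER ** (length - 3)


def lowercase_length_to_match(target):
    """Shortest random all-lowercase password with at least `target` candidates."""
    length = 1
    while uniform_space(length, LOWER) < target:
        length += 1
    return length


if __name__ == "__main__":
    rows = [
        ("8 chars, policy-compliant, fully random",
         policy_space(8, [LOWER, UPPER, DIGIT, PUNCT_ALL])),
        ("8 chars, policy-compliant, habitual", habitual_space(8)),
    ]
    for label, n in rows:
        print(f"{label}: {log2(n):.1f} bits, matched by "
              f"{lowercase_length_to_match(n)} random lowercase letters")
```

Under these assumptions the habitual 8-character password is matched by 9 random lowercase letters, and even a fully random compliant one by 11.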