Friday, February 18, 2005

Not Using Passwords

This password article from a few days ago had me thinking some more. Upon re-reading the article:

1) The biggest problem with passwords vs passphrases seems to be after an intruder gains access to your network. The intruder can then pick up your password hashes and look them up in pregenerated tables, reversing your password.

2) The problem has apparently been solved in most modern non-MS operating systems. Quoting from the Slashdot comments: "Everybody else mixes random salt bytes into passwords prior to hashing. Unix was doing this over 20 years ago. Modern systems use long (16+ character) salts that make precomputed hash tables infeasible for many years to come." I tried this out, by using passwords/phrases of different lengths, and found that the encrypted password text was quite long in any case.
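The following is an added example, not code from the original post or the quoted comment, showing why a per-account random salt defeats the pregenerated tables described above while ordinary login checks still work. The use of SHA-256, the candidate list, the account names and the function names are assumptions chosen for the demonstration.

```python
import hashlib
import hmac
import os

# Constructed sample data: candidate passwords and accounts are made up.
CANDIDATES = ["letmein", "password1", "qwerty", "dragon"]
ACCOUNTS = {"alice": "letmein", "bob": "letmein", "carol": "correct horse battery staple"}

def hash_password(password, salt=b""):
    # Plain SHA-256 keeps the demo fast and isolates the effect of the salt;
    # real password storage uses a slow salted KDF (bcrypt, scrypt, PBKDF2).
    return hashlib.sha256(salt + password.encode()).hexdigest()

def new_salted_record(password):
    # A fresh 16-byte random salt per account, stored next to the hash.
    salt = os.urandom(16)
    return salt, hash_password(password, salt)

def verify(password, salt, stored_hash):
    # The verifier knows the salt, so checking a login costs one hash.
    return hmac.compare_digest(hash_password(password, salt), stored_hash)

def build_table(candidates):
    # Computed once, reusable against every unsalted hash database.
    return {hash_password(p): p for p in candidates}

def recovered_by_table(stored_hashes, table):
    # Accounts that fall to a pure lookup, with no per-account work.
    return {user: table[h] for user, h in stored_hashes.items() if h in table}

def demo():
    table = build_table(CANDIDATES)
    unsalted = {u: hash_password(p) for u, p in ACCOUNTS.items()}
    records = {u: new_salted_record(p) for u, p in ACCOUNTS.items()}
    salted = {u: h for u, (_, h) in records.items()}
    return {
        "unsalted_hits": recovered_by_table(unsalted, table),
        "salted_hits": recovered_by_table(salted, table),
        "unsalted_duplicates_visible": unsalted["alice"] == unsalted["bob"],
        "salted_duplicates_visible": salted["alice"] == salted["bob"],
        "login_still_works": verify("letmein", *records["alice"]),
        "wrong_password_rejected": not verify("qwerty", *records["alice"]),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

The long passphrase is not in the candidate list, so it survives the lookup even without a salt; the salt is what protects the short, common passwords from a table built in advance.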

One more reason not to use Windows, and I wasn't even looking for this one.
