Eight is too many characters for strong passwords
Eight may be a good number at the craps table in Las Vegas, but it is the worst number for a minimum password length. Seven is the best password length, but passphrases may be your best option. (See SecurityFocus.com for details on the weakness of the LanMan password hash.)
Because of human nature, a policy that requires "password complexity" and a minimum password length of eight will result in the majority of users picking passwords that are exactly eight characters long. The complexity part -- usually a number or special character -- often ends up as the eighth character of the password. This complex eight-character password becomes two passwords: a seven-character, all-uppercase alphabetical password, and a one-character number or special-character password.
When a computer stores the LanMan hash for this password, it first converts the characters to uppercase, then splits the password into two seven-byte halves: "SNOWMAN" and "!". (Note: The LanMan hash is not stored by default on Vista and Windows 7 systems.)
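The split described above, worked through as an added example (not code from the original post), comparing the guessing cost of the password as a whole with the cost of its two LanMan halves. "Snowman!" is a constructed sample chosen to produce the halves quoted above; the ASCII-only handling and the cost model (the guesser knows each length and the character classes in use) are simplifying assumptions.

```python
import string

LM_MAX = 14   # LanMan uppercases, then pads or truncates to 14 bytes
HALF = 7      # each 7-byte half is then hashed on its own

# Character classes used by the (constructed) cost model below.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation, " ")

def lm_halves(password):
    """Return the two halves LanMan processes separately, NUL padding removed.
    Assumption: ASCII input only (real systems use the OEM code page)."""
    raw = password.upper().encode("ascii")[:LM_MAX].ljust(LM_MAX, b"\0")
    return [raw[:HALF].rstrip(b"\0").decode(),
            raw[HALF:].rstrip(b"\0").decode()]

def search_space(text):
    """Candidates to exhaust: (size of the classes present) ** length.
    Constructed model: the guesser knows the length and classes used."""
    if not text:
        return 0
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in text))
    return pool ** len(text)

def lm_cost(password):
    """The halves are independent, so their costs add instead of multiplying."""
    return sum(search_space(half) for half in lm_halves(password))

if __name__ == "__main__":
    pw = "Snowman!"  # constructed sample
    print(lm_halves(pw))
    print(f"as one 8-character password: {search_space(pw):,}")
    print(f"as two LanMan halves:        {lm_cost(pw):,}")
```

Under this model the eighth character contributes only 32 extra candidates to the LanMan cost, because it is searched separately from the seven letters.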