Enforce Full or Selective Complexity on Passwords?
-
@MattSpeller said:
Rainbow tables are awesome at getting a percentage of a large number of passwords, against a single one there is probably a break even point where the complexity of your tables outweighs just brute forcing it.
$0.02 go for length over complexity any day.I think the biggest question would be "is this a one time attack" or do you "attack passwords on a recurring basis." Funny, but it becomes a "business of hacking" question rather than one strictly of the technology involved.
-
@scottalanmiller said:
I think the biggest question would be "is this a one time attack" or do you "attack passwords on a recurring basis." Funny, but it becomes a "business of hacking" question rather than one strictly of the technology involved.
Probably a good paper somewhere in there - economics of hacking? I'd read it.
-
@scottalanmiller Thanks!
-
Saw this tonight in reference to requiring password changes every ninety days.
-
Bring out the ol' bocket-o-slap and apply liberal servings to the post-it bandits.