Defensive Security Handbook by Lee Brotherston
Author:Lee Brotherston
Language: eng
Format: epub
Publisher: O'Reilly Media
Published: 2017-04-07T04:00:00+00:00
8 characters at upper- and lowercase equals 52^8. Still not the best, will crack in < 6 hours.
8 characters at uppercase, lowercase, and numbers equals 62^8. A little better, will crack in < 24 hours.
10-character passphrase with uppercase, lowercase, numbers, and symbols 94^10. Approximately 600 years.1
Rainbow tables are a relatively modern twist on the brute-force attack as the cost of storage has become cheaper, allowing for a processing time/storage trade-off. A rainbow table contains a list of precomputed and stored hashes and their associated cleartext. A rainbow table attack against a password hash does not rely on computation, but on being able to look up the password hash in the precomputed table.
While long and complex passwords won’t matter if the backend encryption is weak or there has been a breach involving them, it will protect against brute-force attacks.
Teaching users and requiring administrators to create complex passwords is an overall win for everyone. One way of making secure passwords easier to remember is using phrases from books, songs, expressions, etc., and substituting characters. They then become a passphrase instead and are inherently more secure. For example:
Amanda and Lee really love their password security = A&LeeR<3TPS
Another learning opportunity for end users, and possibly even an enterprise-wide shift in process, would be to not trust others with passwords. Helpdesk staff should not be asking for passwords, ever, period. Users should be educated to the fact that no one in the organization would ask for their password, and to do the right thing and report anyone who does. The idea of keeping passwords to yourself doesn’t only apply to humans. Internet browsers store passwords encoded in a way that is publicly known, and thus easy to decode. Password recovery tools, which are easily available online, enable anyone to see all the passwords stored in the browser and open user profiles.
Download
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
Sass and Compass in Action by Wynn Netherland Nathan Weizenbaum Chris Eppstein Brandon Mathis(7808)
Grails in Action by Glen Smith Peter Ledbrook(7719)
Azure Containers Explained by Wesley Haakman & Richard Hooper(6816)
Configuring Windows Server Hybrid Advanced Services Exam Ref AZ-801 by Chris Gill(6815)
Running Windows Containers on AWS by Marcio Morales(6332)
Kotlin in Action by Dmitry Jemerov(5089)
Microsoft 365 Identity and Services Exam Guide MS-100 by Aaron Guilmette(5055)
Combating Crime on the Dark Web by Nearchos Nearchou(4630)
Microsoft Cybersecurity Architect Exam Ref SC-100 by Dwayne Natwick(4585)
Management Strategies for the Cloud Revolution: How Cloud Computing Is Transforming Business and Why You Can't Afford to Be Left Behind by Charles Babcock(4437)
The Ruby Workshop by Akshat Paul Peter Philips Dániel Szabó and Cheyne Wallace(4319)
The Age of Surveillance Capitalism by Shoshana Zuboff(3978)
Python for Security and Networking - Third Edition by José Manuel Ortega(3881)
The Ultimate Docker Container Book by Schenker Gabriel N.;(3539)
Learn Windows PowerShell in a Month of Lunches by Don Jones(3528)
Learn Wireshark by Lisa Bock(3501)
Mastering Python for Networking and Security by José Manuel Ortega(3376)
Mastering Azure Security by Mustafa Toroman and Tom Janetscheck(3355)
Blockchain Basics by Daniel Drescher(3322)
