Free Republic

Firefox's 'retreat' ensures Microsoft excels
Contractor UK ^ | Aug 22, 2005 | Contractor UK

Posted on 08/26/2005 6:31:03 PM PDT by Bush2000



To: antiRepublicrat
Yes, in both the Windows and Linux cases you need access to the machine. Now that we've gained access to both systems, I am stumped by the Linux box and can get all of the passwords off the Windows box in a few minutes. Now I can access all of those users' files (even encrypted) on that machine and throughout the network, wherever those users have permission.

This is the kind of nonsensical post that I've come to expect from you. Ask any security expert about this issue. If you have physical access to a machine, it doesn't matter which OS is installed: It can be compromised. Complaining that it's easier to get passwords from Windows than Linux is a waste of bandwidth because BOTH CAN BE COMPROMISED. So give it a rest. This isn't a meaningful or honest debate.

Congratulations, you found one. I wonder why the earlier proponent of this hadn't been able to produce it. In any case, it shows that security can be increased (definitely a good thing), but as you know we usually stick to what's in the box, not something I've never seen used, not even in a Top Secret environment.

Sigh. I don't know why I have to keep explaining this for you. You use whatever security is appropriate for your needs. Smart admins don't just use whatever comes in the box. Higher security environments require more stringent protections: smart cards, locked labs, etc. Security requires a tiered approach that encompasses far more than a choice of which OS to use. You should know that by now. Sadly, you're so preoccupied with proving that one or the other is "inferior" that you completely miss the point.
541 posted on 08/31/2005 12:36:05 PM PDT by Bush2000 (Linux -- You Get What You Pay For ... (tm)
[ Post Reply | Private Reply | To 539 | View Replies]

To: Bush2000
Complaining that it's easier to get passwords from Windows than Linux is a waste of bandwidth because BOTH CAN BE COMPROMISED.

Really, how do you propose to crack a decent Linux password in a short enough amount of time? Owning the computer is one thing, but owning the passwords of possibly several people has implications far beyond that one computer and onto the network.

Sadly, you're so preoccupied with proving that one or the other is "inferior" that you completely miss the point.

Yet it is inferior. Period. You bring other sensible precautions into the mix, but that is outside of the subject that Windows passwords can be easily cracked. It is a tiered approach, and this one tier is inferior unless you use third-party add-ons to make up for Microsoft's lax security.

542 posted on 08/31/2005 12:43:01 PM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 541 | View Replies]

To: antiRepublicrat
Really, how do you propose to crack a decent Linux password in a short enough amount of time? Owning the computer is one thing, but owning the passwords of possibly several people has implications far beyond that one computer and onto the network.

Yet it is inferior. Period. You bring other sensible precautions into the mix, but that is outside of the subject that Windows passwords can be easily cracked.

No, it's not inferior. As I pointed out, physical access to a machine GUARANTEES that it will be compromised. The term "inferior" isn't even relevant.
543 posted on 08/31/2005 12:55:08 PM PDT by Bush2000 (Linux -- You Get What You Pay For ... (tm)
[ Post Reply | Private Reply | To 542 | View Replies]

To: Bush2000
The fact of the matter is that IBM didn't know who to get an 8088 operating system from.

But could have easily found out. Come on, NO ONE negotiated with IBM from a position of power back then. NO ONE. It's like saying a small software vendor these days could negotiate with Microsoft from a position of power. It's just not going to happen. If they get too obstinate, Microsoft will just buy them, or destroy them first and then buy up the remnants. And IBM in its heyday was even meaner than Microsoft has ever been.

Just wake up and realize that IBM thought the money was in hardware and services and didn't really care too much about the OS. That is why Gates could request non-exclusive licensing and get it. I'm not saying he wasn't smart for requesting it. Bill was and is an amazing businessman. Unfortunately for us, he puts the business of selling software above the quality of that software.

Of course you can't -- because it's a fantasy.

Fantasy? After reading how it's accomplished, if you knew anything about computers, you could see why the Classic environment can be faster. It ran as native code on the hardware, just like any application would, but without the hindrance of its horrible virtual memory system.

A great number of those guys (like their counterparts in the private sector) are mind-numbed bureaucrats with absolutely zero clue about what they're buying

And that's where you get the Microsoft/Dell duopoly in Army IT purchasing. Most don't know any better. The few intelligent ones actually go out and look for the best system -- enter the Mac systems I know about.

544 posted on 08/31/2005 1:01:29 PM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 540 | View Replies]

To: Bush2000
As I pointed out, physical access to a machine GUARANTEES that it will be compromised.

But it doesn't guarantee that passwords will be compromised, unless it's on a Windows machine. Yes, certain things can be done to mitigate the damage -- if they're done. Until then, you're relying on a level of password security that UNIX deprecated years ago because it wasn't considered secure enough anymore.

As you supposedly know, security is the sum total of everything you do to secure a system or a network. Any one thing might sound insignificant, but it all adds up. Having passwords that are not easily cracked is one of them, and Microsoft with its lax approach to security did not see fit to implement this one simple thing that everybody else knew about long ago.

545 posted on 08/31/2005 1:08:13 PM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 543 | View Replies]

To: antiRepublicrat
It's a simple fact. Admit it.

Now you're just arguing for argument's sake as I clearly stated that the Linux salting is better for the user experience because it allows the user to have a shorter password with the same level of security that a longer Windows password provides.

Really I think you just argue in circles from one point to the next never admitting you're wrong and when you are proven wrong you just go to a new topic, but this time you got "busted". You jumped to a topic that was never an issue.

Nice try. I believe this thread is over now. BTW: what does any of this have to do with the subject of this article?

546 posted on 08/31/2005 1:30:17 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 535 | View Replies]

To: Bush2000; antiRepublicrat
Thank you for the link. I forgot that they could change the Gina as well. Is that the same thing as replacing the crypto provider?

Also don't let him sucker you into the inferior debate. The simple truth is linux allows users to have a shorter password (with a little modification). With windows you need to increase the password length to include the linux salt + password length to have the same or better protection. However, if that isn't good enough they can simply replace either the Gina or the crypto provider.

But to say Windows is inferior in allowing the password to be shorter...whoopdie do. When linux catches up on the user experience then they can talk about having something better for the user. A shorter password isn't worth changing platforms.

547 posted on 08/31/2005 1:36:29 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 537 | View Replies]

To: antiRepublicrat
get all of the passwords off the Windows box in a few minutes.

That is a flat out lie! I'll bet you your yearly salary that you can't do that on my windows box. Also the Linux box IS vulnerable if the password length and salt isn't long enough. The same applies to Windows. Geesh, it's like I'm talking to someone that has no short term memory.

548 posted on 08/31/2005 1:39:21 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 539 | View Replies]

To: antiRepublicrat
But it doesn't guarantee that passwords will be compromised, unless it's on a Windows machine.

Wow guarantee. Sounds like I'm going to owe you your yearly salary. Should be an easy bet for you to take. Where would you like me to mail the hard drive to. Better yet, I'll even take the hashes off for you and email you the hash.

So the rules of the bet.

I send you a hash table of Windows passwords from my system. You get 15 days to crack every single password on the system (it won't be more than 100 hashes). If you fail I win--you pay me one year of your salary. If you succeed you win--I pay you one year of your salary. If you can't crack any passwords I win double your salary. You provide me a linux hash table of equal # of hashes. If I crack any of the passwords I win double your salary.

Your salary is determined based on your last year's income tax statements.

549 posted on 08/31/2005 1:44:31 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 545 | View Replies]

To: Sprite518

Chassis: Lian Li V-2000
Power: 480W
Motherboard: Tyan Thunder KBWE (S2895)
CPU: Dual Opteron 275's
CPU Cooling: Zalman CNPS700B's
Memory: Corsair Standards 3-3-3-8 (2X1GB)
Storage: Dual Toshiba 60GB Raid-2 (mirrored)
Video: NVidia Quadro FX-4400

(Just Kidding) - What makes you think hardware has anything to do with it? I'm running a P3 at 650 MHz w/ 500MB of memory and 40 Gigs of Storage. That above is what I am building, though I hope to go with the lower latency Corsairs 2-3-2-5 (I think), if I can afford them.


550 posted on 08/31/2005 4:16:17 PM PDT by TheHound (You would be paranoid too - if everyone was out to get you.)
[ Post Reply | Private Reply | To 506 | View Replies]

To: antiRepublicrat
But it doesn't guarantee that passwords will be compromised, unless it's on a Windows machine.

And if the Windows box has an EFS filesystem installed? What then? Still think it's easy to crack the passwords?
551 posted on 08/31/2005 5:05:37 PM PDT by Bush2000 (Linux -- You Get What You Pay For ... (tm)
[ Post Reply | Private Reply | To 545 | View Replies]

To: antiRepublicrat
But could have easily found out.

You're trying to reinvent history. Show me even the smallest amount of evidence that IBM knew that SCP existed.

Fantasy? After reading how it's accomplished, if you knew anything about computers, you could see why the Classic environment can be faster. It ran as native code on the hardware, just like any application would, but without the hindrance of its horrible virtual memory system.

You don't have even the slightest form of objective proof; therefore, what you're saying here is nothing more than a poorly formed opinion.

And that's where you get the Microsoft/Dell duopoly in Army IT purchasing. Most don't know any better. The few intelligent ones actually go out and look for the best system -- enter the Mac systems I know about.

LMFAO! Yeah, and because they're the "best", Steve Jobs decided to ditch the entire hardware platform and start from scratch on x86. Not long ago, you and other Mac zealots were criticizing x86 hardware. Now that Stevie's anointed it, we can expect yet more proclamations of his "insanely great" vision. /SARCASM
552 posted on 08/31/2005 8:14:37 PM PDT by Bush2000 (Linux -- You Get What You Pay For ... (tm)
[ Post Reply | Private Reply | To 544 | View Replies]

To: for-q-clinton

You won't be hearing from him again. Guys like him don't mind putting their zealotry out there when their butts aren't on the line. As soon as you try to make them accountable to reality, all bets are off...


553 posted on 08/31/2005 8:15:54 PM PDT by Bush2000 (Linux -- You Get What You Pay For ... (tm)
[ Post Reply | Private Reply | To 549 | View Replies]

To: for-q-clinton
Thank you for the link. I forgot that they could change the Gina as well. Is that the same thing as replacing the crypto provider?

No, it's not the same. Gina applies to authentication.

But to say Windows is inferior in allowing the password to be shorter...whoopdie do. When linux catches up on the user experience then they can talk about having something better for the user. A shorter password isn't worth changing platforms.

I agree. He's being ridiculous.
554 posted on 08/31/2005 8:25:27 PM PDT by Bush2000 (Linux -- You Get What You Pay For ... (tm)
[ Post Reply | Private Reply | To 547 | View Replies]

To: Bush2000
Show me even the smallest amount of evidence that IBM knew that SCP existed.

Show me the smallest amount of evidence that IBM, the world's largest multinational computer corporation, wasn't capable of finding what it wanted. Bill offered something, and they were happy with the terms, period. Bill would not have gotten his non-exclusive deal if IBM didn't want to allow it.

You don't have even the slightest form of objective proof; therefore, what you're saying here is nothing more than a poorly formed opinion.

here. Neck and neck in most places, behind in some, ahead on others. And this was on a 768 MB machine, pretty generous for that day. Machines with less RAM do better since native OS 9 would be using its outdated virtual memory more. Application launch times are also generally much faster in Classic than native.

Steve Jobs decided to ditch the entire hardware platform and start from scratch on x86. Not long ago, you and other Mac zealots were criticizing x86 hardware.

Jobs ditched because IBM wasn't supporting the platform. The PPC had a great architecture with great capabilities and lots of room to grow, but that doesn't mean anything if the vendor won't continue R&D and constantly has supply problems.

I still stand by my criticism of Intel's P4-based architecture, as well as Intel's design for dual-core (Intel recently admitted it was badly slapped together). Both the PPC and AMD are far superior in every way. But Jobs knew something we didn't at the time of the switch decision -- details of Intel's roadmap. This roadmap includes much more efficient processors that no longer subscribe to the P4's "clock is everything" philosophy, continuing where Intel is with the Pentium M (which I've had praise for in this forum).

My only guess as to why Apple chose Intel over AMD is the massive discounts that only Intel is capable of giving its prominent customers.

555 posted on 09/01/2005 5:47:55 AM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 552 | View Replies]

To: for-q-clinton
I send you a hash table of Windows passwords from my system. You get 15 days to crack every single password on the system (it won't be more than 100 hashes).

I don't have the table so I can't take your bet. But I can tell you absolutely that if your passwords are 1-14 characters in length, created by the standard Windows password system, and consist of any mix of the characters "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+=~`[]{}|\:;"'<>,.?/ " every password on the system WILL BE CRACKED with a probability of 99.9%. Simple fact. And it covers the passwords used by almost all Windows users.

How about I buy the list, you give me remote access to your machine, have a thousand passwords conforming to the above and if I can't crack them with a 99.9% success rate, you win.

You provide me a linux hash table of equal # of hashes. If I crack any of the passwords I win double your salary.

That is a bet with a vast probability of loss. There is no way you can physically compute that number of hashes, even with a mainframe, and no lookup table big enough exists, even for a 14-character password. You would simply have to make the one in a billion (or less) odds that you get it in time. John the Ripper only works against weak Linux passwords.

I also love how you one-side your proposals, with you getting double in several cases.

It still amazes me that you aren't capable of admitting Windows is inferior in something. Your loyalty and devotion to Microsoft must be supreme. I'll show you how you can admit things because the platform isn't a religion to you. OS X Server has performance problems in some applications. Linux is not ready for the general desktop. See, it's easy. Now you try it: "The Windows password system is weak."

There, doesn't just admitting the truth feel better?

556 posted on 09/01/2005 6:32:01 AM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 549 | View Replies]

To: Bush2000; for-q-clinton
I agree. He's being ridiculous.

You know as well as I do that it's not about short passwords, but about your good passwords being unbreakable. If you or q want to go on user experience, we can talk right now because OS X has stronger passwords and a better user experience.

557 posted on 09/01/2005 6:34:44 AM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 554 | View Replies]

To: Bush2000
Mozilla browser’s market share, falling from 8.7% to 8.1 % in July.

climbing back from 86.6 % to 87.2% last month.

Statistically, these numbers have no meaning.

558 posted on 09/01/2005 6:36:11 AM PDT by killjoy (Real Men Love Bush)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Bush2000
And if the Windows box has an EFS filesystem installed? What then? Still think it's easy to crack the passwords?

Mitigation, mitigation, mitigation. That's what Windows security is all about. Got something unsecure? Turn it off or hide it. ActiveX a gaping security hole? Turn it off. Cached passwords a gaping security hole? Turn it off too. If we're turning every feature off because it's a security risk, then why would a security-conscious company include them in the first place?

559 posted on 09/01/2005 6:37:40 AM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 551 | View Replies]

To: for-q-clinton
Also don't let him sucker you into the inferior debate. The simple truth is linux allows users to have a shorter password (with a little modification).

And you completely miss the point. In the industry is the concept of an acceptable password. It varies, but it's usually between 8-12 characters, no dictionary, varying amount of numbers and symbols required. Passwords outside this wherever there is a password policy are rare, if not non-existent (I've never seen them). Windows and Linux have very easy methods to enforce this, even network-wide.

So the point is that the decent passwords are breakable on Windows, but not on Linux. Pretty severe passwords (stronger than any password policy I've seen, even in a classified environment) are breakable on Windows. A Rainbow Crack for Linux would say "only breaks up to six-character passwords" and most of us would consider that to be mostly useless. We can maybe hope to grab a few passwords on home machines with no known probability of success. Meanwhile, Rainbow Crack can crack 99.9%+ of Windows passwords in use today.

These are simple facts, not that difficult really.

560 posted on 09/01/2005 6:43:03 AM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 547 | View Replies]
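
Added example, not part of any post in this thread: a small password-audit sketch of the point argued in posts 556 and 560, that one precomputed table resolves every unsalted hash in its keyspace while a per-account salt makes the same table miss. Assumptions: SHA-256 and PBKDF2 are stand-ins rather than the actual Windows or Linux algorithms, a plain dictionary stands in for a rainbow table (which stores the same mapping in less space), and the accounts and the three-letter keyspace are constructed.

```python
import hashlib
import hmac
import itertools
import os
import string

ALPHABET = string.ascii_lowercase  # constructed toy keyspace: a-z, length 1-3
MAX_LEN = 3

def unsalted_hash(password):
    # Stand-in for any unsalted scheme (not the real Windows algorithm):
    # the same password gives the same hash on every machine.
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password, salt, iterations=10_000):
    # Salted and iterated (PBKDF2-HMAC-SHA256), a stand-in for a salted scheme.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()

def build_lookup_table():
    # Computed once, reusable against every unsalted hash database.
    table = {}
    for length in range(1, MAX_LEN + 1):
        for chars in itertools.product(ALPHABET, repeat=length):
            candidate = "".join(chars)
            table[unsalted_hash(candidate)] = candidate
    return table

def audit(stored_hashes, table):
    # Password audit: which stored hashes fall to the precomputed table?
    return {user: table[h] for user, h in stored_hashes.items() if h in table}

def make_salted_store(accounts):
    # One random 16-byte salt per account, kept next to the hash.
    store = {}
    for user, password in accounts.items():
        salt = os.urandom(16)
        store[user] = (salt, salted_hash(password, salt))
    return store

def verify(store, user, candidate):
    # Normal login check: recompute with the stored salt, compare in constant time.
    salt, expected = store[user]
    return hmac.compare_digest(salted_hash(candidate, salt), expected)

ACCOUNTS = {"alice": "cat", "bob": "cat", "carol": "zx"}  # constructed sample data

if __name__ == "__main__":
    table = build_lookup_table()
    unsalted = {u: unsalted_hash(p) for u, p in ACCOUNTS.items()}
    salted = make_salted_store(ACCOUNTS)
    print("table entries:", len(table))
    print("unsalted, recovered:", audit(unsalted, table))
    print("salted, recovered:", audit({u: h for u, (_, h) in salted.items()}, table))
    print("same password, different stored hash:", salted["alice"][1] != salted["bob"][1])
    print("login still works:", verify(salted, "alice", "cat"))
```

With a salt, the precomputation has to be repeated for each stored salt value, so the table no longer amortizes across accounts or machines.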



Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
