[antiRepublicrat]

So what. Password-salting is a mitigation against crackers, as well.

Salting is a simple common practice in cryptography that was in place long before Microsoft made NT. Microsoft's inability to follow common practice simply resulted in another weak link in the security chain.

So, tell us, given a Windows box with EFS installed and 14+ character passwords, how long is it going to take you to crack the passwords?

Okay, exactly how many systems out there does that apply to? I've already told you what Rainbow Crack can crack, and it applies to all but a tiny fraction of home, corporate and government Windows systems out there. That is a security problem.

[Bush2000]

Salting is a simple common practice in cryptography that was in place long before Microsoft made NT. Microsoft's inability to follow common practice simply resulted in another weak link in the security chain.

Yet again, salting does not make passwords unbreakable. So you're not making any point.

Okay, exactly how many systems out there does that apply to? I've already told you what Rainbow Crack can crack, and it applies to all but a tiny fraction of home, corporate and government Windows systems out there. That is a security problem.

Look, here's the challenge. I'll use strong passwords. I'll encrypt my filesystem with EFS. You tell me how long it's going to take you to (1) crack EFS and get the hashes, and (2) crack the hashes and give me plaintext passwords.

[for-q-clinton]

Okay, exactly how many systems out there does that apply to? I've already told you what Rainbow Crack can crack, and it applies to all but a tiny fraction of home, corporate and government Windows systems out there. That is a security problem.

It's a waste of time to talk to antiRepublicrat. He argues in circles and will admit to nothing. Even when proven (via links) wrong he'll just change topics and extend the point to something else. He's just upset that Linux's one user experience that's better than windows is that it doesn't require as long of a password for the same level of password protection. Oh ya, he didn't realize that's what salting was early on, so he made it out like it was something it wasn't and is now trying to safe face by arguing meaningless items (and changing between OS's to make points).

Even his fellow OSS guys have left him alone on this thread because they don't want to be embarrassed by association.