You’re probably aware that our Distributed Password Recovery works with Lotus Notes ID files (as well as with two dozen other file formats, of course). Some sad news: in latest versions of Notes (8.5), encryption has been improved. In older versions, only 64-bit and 128-bit RC2 options were available, but now you can also use AES (128-bit or 256-bit). Well, encryption itself does not actually matter, but the problem is that password verification routine is not much better (worse?) as well: 5,000/10,000 SHA-1 cycles have been added. EDPR will be updated accordingly to support new format (you can subscribe to our mailing list to be notified), of course, but don’t expect the high recovery speed: we can get several hundred passwords per second only. For older versions of Notes, the speed was ~100,000 passwords per second or higher.
Posts Tagged ‘Security’
lifehacker has started a series of posts on choosing and using secure passwords. Few days ago they published a list of handy tips from their readers on how to create passwords you can rely on. One of the readers admitted that in a company he works for IT administrators require password change every 30 days and
it just results in workers picking the easiest password that meets the requirements – as in a MM/YYYY-style password.
Sounds like it’s time to rethink password policies. What are your ideas?