Slashdot Mirror


Spafford On Security Myths and Passwords

An anonymous reader writes "In a recent blog post, Eugene Spafford examines password security along with related issues and myths. In particular, he discusses how policies that may not necessarily make much sense anymore end up being labeled 'best practices,' and then propagated based on their reputation as such."

1 of 356 comments

  1. huh? by farker+haiku · Score: 1, Troll

    Cracking is when an intermediate form of the password (e.g., an encrypted form stored in the authentication database) is captured and attacked algorithmically, or where iterated attempts are made to generate the password algorithmically. The efficacy of this approach is determined by the strength of the obfuscation used (e.g., encryption), the checks on bad attempts, and the power and scope of the resources brought to bear (e.g., parallel computing, multi-lingual databases).

    So, if I capture an NTLM hash, and run it through a rainbow table, how in the hell are 3 checks on bad logon attempts or parallel computing going to do anything? Excuse me Mr. Expert, but I think you need to STFU.

    n00b.

    --
    Your sig(k) has been stolen. There is a puff of smoke!
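
An added example, not part of the comment or of Spafford's post, showing where each factor named in the quoted passage acts: a precomputed table against a captured unsalted hash (offline, no attempt counter involved), the same password stored with a per-user salt and an iterated KDF, and a bad-attempt check on an online login path. Unsalted SHA-256 stands in for an unsalted hash such as NTLM; the candidate list, the three-attempt threshold and all names are constructed for illustration.

```python
import hashlib, hmac, os

# Constructed sample data: a tiny list standing in for a precomputed table's coverage.
CANDIDATES = ["password", "letmein", "dragon", "hunter2"]
MAX_BAD_ATTEMPTS = 3  # assumed lockout policy value

def fast_unsalted(pw: str) -> str:
    """Weak storage: one unsalted fast hash, identical wherever this password is used."""
    return hashlib.sha256(pw.encode()).hexdigest()

def slow_salted(pw: str, salt: bytes, rounds: int = 100_000) -> bytes:
    """Hardened storage: per-user random salt plus an iterated KDF (PBKDF2)."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, rounds)

# Built once, reusable against any captured database of unsalted hashes.
PRECOMPUTED = {fast_unsalted(c): c for c in CANDIDATES}

def lookup_offline(stored_hex: str):
    """Offline setting: no login service is consulted, so no attempt counter applies."""
    return PRECOMPUTED.get(stored_hex)

class LoginService:
    """Online setting: the only place a bad-attempt check can act."""
    def __init__(self, password: str):
        self.salt = os.urandom(16)
        self.stored = slow_salted(password, self.salt)
        self.bad = 0

    def attempt(self, guess: str) -> str:
        if self.bad >= MAX_BAD_ATTEMPTS:
            return "locked"
        if hmac.compare_digest(slow_salted(guess, self.salt), self.stored):
            self.bad = 0
            return "ok"
        self.bad += 1
        return "denied"

def online_guesses_evaluated(service: LoginService, guesses) -> int:
    """Count the guesses the service actually checks before it locks."""
    return sum(1 for g in guesses if service.attempt(g) != "locked")

if __name__ == "__main__":
    print(lookup_offline(fast_unsalted("hunter2")))            # table hit
    print(lookup_offline(slow_salted("hunter2", os.urandom(16)).hex()))  # no hit
    print(online_guesses_evaluated(LoginService("hunter2"), CANDIDATES))
```
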