Firewall Wizards mailing list archives
RE: "Proactive" Password Checking
From: "daN." <dan () nesmail com>
Date: Fri, 12 Nov 1999 12:55:36 -0800
Now consider the password "maryhadalittlelamb" hard to crack, easy to
remember, not a >problem for dictionary crackers. Just tell users to put a few words _together_ for >security, like their favorite song lyric or something.
that would be truncated to 'maryhada' which happens to actually be in my password dictionary...even if it wasn't popular password cracking programs will combine words in your dictionary as well as use words back and forwards with diffrent cases, and the more users you have the more likely they are to grab at least one password this way..If your technique where to work at all you would need to make several changes, add random capitolization, and add at least one none numerical non alpha character to your password. But even with these rules in place you make a brute force attack slightly easier because when you set rules on a password you are minimizing the maximum amount of possible passwords. So it comes right back to the best password is an absolutely random one(which you should still run a dictionary attack against just in case it randomly ends up being something that doesn't look so random :) ). Dan Steele Network Administrator WestNet Management Corp.
Current thread:
- RE: "Proactive" Password Checking, (continued)
- RE: "Proactive" Password Checking Kurt Buff (Nov 06)
- Re: "Proactive" Password Checking Frank O'Dwyer (Nov 18)
- RE: "Proactive" Password Checking Moore, James (Nov 06)
- RE: "Proactive" Password Checking Russ (Nov 06)
- Re: "Proactive" Password Checking REID FOX (Nov 06)
- RE: "Proactive" Password Checking Moore, James (Nov 08)
- RE: "Proactive" Password Checking Russ (Nov 09)
- RE: "Proactive" Password Checking Eric Toll (Nov 10)
- Re: "Proactive" Password Checking Joseph S D Yao (Nov 10)
- Re: "Proactive" Password Checking Alec Muffett (Nov 10)
- RE: "Proactive" Password Checking daN. (Nov 15)
- Re: "Proactive" Password Checking Eric Toll (Nov 10)
- Re: "Proactive" Password Checking Rick Smith (Nov 11)
- Re: "Proactive" Password Checking Eric Budke (Nov 14)
- Message not available
- Re: "Proactive" Password Checking Eric Budke (Nov 17)
- Re: "Proactive" Password Checking Rick Smith (Nov 11)
- Re: "Proactive" Password Checking Rick Smith (Nov 14)
- RE: "Proactive" Password Checking Andreas Gunnarsson (Nov 14)
- Re: "Proactive" Password Checking Dorian Moore (Nov 14)