RE: [WEB SECURITY] Passwords : include a space
- From: "Martin O'Neal" <martin.oneal@xxxxxxxxxxxx>
- Subject: RE: [WEB SECURITY] Passwords : include a space
- Date: Mon, 28 Jan 2008 21:52:59 -0000

> Here is a simple way to increase password security with
> respect to dictionary attacks:
> * Passwords must contain at least one space character
> * When the user chooses a new password, tell them they
> should enter at least two words, separated by a space.

A dictionary-space-dictionary combination is only an order of magnitude
better than a dictionary password alone though. If your vocabulary is
30,000 words, then when being brute-forced on a contemporary processor,
your dictionary word will be discovered in less than a second, and the
dictionary-space-dictionary password will fall out in less than three
minutes.

In comparison, a non-dictionary 8 character password containing only
upper & lower alpha and numerics will take 600 days on the same
processor.

Predictable formats and passwords are not happy bedfellows.

Martin...
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Brought to you by http://www.webappsec.org
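
The search-space comparison discussed in the message above, as an added example that is not part of the original post: a password-policy check that sizes the candidate space for an attacker who already knows the format. The word list is a constructed sample, and the guess rate is an assumption (the message states none), so the times it yields are illustrative only.

```python
import string

# Constructed sample word list; a real check would load a full dictionary.
WORDS = {"correct", "horse", "battery", "staple", "monkey", "dragon"}
VOCABULARY = 30_000             # vocabulary size used in the message
GUESSES_PER_SECOND = 5_000_000  # assumption: not stated in the message

CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits,
           string.punctuation + " ")


def guess_space(password, words=WORDS, vocabulary=VOCABULARY):
    """Return (pattern, candidate count) for an attacker who knows the pattern."""
    if not password:
        return ("empty", 1)
    parts = password.lower().split(" ")
    if all(part in words for part in parts):
        # Every space-separated part is a dictionary word, so each part
        # contributes only a factor of `vocabulary`, whatever its length.
        return ("%d dictionary word(s)" % len(parts), vocabulary ** len(parts))
    # Otherwise count a character-by-character search over the classes used.
    # This is an upper bound: it does not spot partly predictable strings.
    alphabet = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    return ("brute force", max(alphabet, 1) ** len(password))


def seconds_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at the assumed guess rate."""
    return guess_space(password)[1] / rate


def accept(password, min_days=365.0):
    """Policy check: reject passwords whose whole space falls within min_days."""
    return seconds_to_exhaust(password) / 86400 >= min_days


if __name__ == "__main__":
    for candidate in ("horse", "correct horse", "aB3dE6gH"):
        pattern, count = guess_space(candidate)
        print(candidate, pattern, count, accept(candidate))
```

A policy that only checks for the presence of a space would accept "correct horse", while this check rejects it because the format leaves 30,000 x 30,000 candidates.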