[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [WEB SECURITY] Passwords : include a space
- From: bugtraq@xxxxxxxxxxxxxxx
- Subject: Re: [WEB SECURITY] Passwords : include a space
- Date: Mon, 28 Jan 2008 17:19:48 -0500 (EST)
John the Ripper does have l33tspe4k mutation modules available so not adding much protection here.
- Robert
http://www.cgisecurity.com/
http://www.qasec.com/
http://www.webappsec.org/
>
> On Jan 28, 2008 4:40 PM, Paul Schmehl <pauls@xxxxxxxxxxxx> wrote:
> > >
> > > (Example: yellow banana)
> > >
> >
> > The example you give would be cracked in a few minutes using a modern machine
> > and a good cracker (e.g. John the Ripper). It would be far better to use
> > Ye11oW B@nAn@.
>
> But how much better is that really? A cracker should be able to
> translate its entire wordlist to 1337 speak just as well as a human
> user can.
>
> I had always assumed that password complexity rules were about
> brute-force login attempts, not about cracking.
>
> ----------------------------------------------------------------------------
> Join us on IRC: irc.freenode.net #webappsec
>
> Have a question? Search The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/
>
> Subscribe via RSS:
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Brought to you by http://www.webappsec.org
Search this site
|