Re: [WEB SECURITY] Passwords : include a space
- From: "Cave Crickett" <crickett@xxxxxxxxx>
- Subject: Re: [WEB SECURITY] Passwords : include a space
- Date: Mon, 28 Jan 2008 15:44:07 -0700
What scares me most about passwords is that people use the same ones on
trusted and untrusted systems. So not only do I need strong passwords, I
need unique ones for each site / system I access. This gets WAY tedious VERY
fast.
G
On Jan 28, 2008 3:10 PM, Jeff Robertson <jeff.robertson@gmail.com> wrote:
> On Jan 28, 2008 4:40 PM, Paul Schmehl <pauls@utdallas.edu> wrote:
> > >
> > > (Example: yellow banana)
> > >
> >
> > The example you give would be cracked in a few minutes using a modern machine
> > and a good cracker (e.g. John the Ripper). It would be far better to use
> > Ye11oW B@nAn@.
>
> But how much better is that really? A cracker should be able to
> translate its entire wordlist to 1337 speak just as well as a human
> user can.
>
> I had always assumed that password complexity rules were about
> brute-force login attempts, not about cracking.
--
Greg Bosen
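
The point quoted above, that a wordlist can be translated to leetspeak mechanically, cuts both ways: a password-policy check can undo the same substitutions before its dictionary lookup. The following is an added example, not part of the original thread; the wordlist, the substitution table and the function names are assumptions made for illustration.

```python
from itertools import product

# Constructed sample wordlist; a real policy check would load a large dictionary.
WORDLIST = {"yellow", "banana", "password", "monkey", "dragon"}

# Common leetspeak substitutions, mapped back to the letters they may stand for.
# "1" is ambiguous (l or i), so every reading is tried.
LEET = {
    "0": "o", "1": "li", "3": "e", "4": "a", "5": "s",
    "7": "t", "@": "a", "$": "s", "!": "i",
}


def deleet_variants(token):
    """Yield every lowercase reading of token with the substitutions undone."""
    choices = [LEET.get(ch, ch) for ch in token.lower()]
    for combo in product(*choices):
        yield "".join(combo)


def token_in_wordlist(token, wordlist):
    """True if some de-leeted reading of token is a wordlist entry."""
    # Only enumerate readings when a word of this length exists; this bounds
    # the number of combinations by the longest dictionary word.
    if len(token) not in {len(w) for w in wordlist}:
        return False
    return any(v in wordlist for v in deleet_variants(token))


def is_dictionary_derived(password, wordlist=WORDLIST):
    """True if every space-separated token reduces to a dictionary word.

    Such a password should be rejected by the policy: case changes and
    character substitutions do not take it out of the dictionary.
    """
    tokens = password.split()
    if not tokens:
        return False
    return all(token_in_wordlist(tok, wordlist) for tok in tokens)


if __name__ == "__main__":
    for candidate in ("yellow banana", "Ye11oW B@nAn@", "kT9#vq2 Lw8xZ"):
        verdict = "reject" if is_dictionary_derived(candidate) else "accept"
        print(f"{candidate!r}: {verdict}")
```

Both passwords from the thread are rejected by this check, because the substituted form reduces to the same two dictionary words as the plain one.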