Re: [WEB SECURITY] Passwords : include a space
- From: "Ali Soylu" <alisoylu@xxxxxxxxx>
- Subject: Re: [WEB SECURITY] Passwords : include a space
- Date: Mon, 28 Jan 2008 19:42:31 -0500
On Jan 28, 2008 4:40 PM, Paul Schmehl <pauls@xxxxxxxxxxxx> wrote:
> --On Monday, January 28, 2008 12:33:17 -0800 Stephan Wehner
> <stephanwehner@xxxxxxxxx> wrote:
>
> > Here is a simple way to increase password security with respect to
> > dictionary attacks:
> >
> > * Passwords must contain at least one space character
> > * When the user chooses a new password, tell them they should enter
> > at least two words, separated by a space.
> >
> > (Example: yellow banana)
> >
> > I would expect this to be easy to understand and users would not have
> > any problems.
> >
>
> The example you give would be cracked in a few minutes using a modern machine
> and a good cracker (e.g. John the Ripper). It would be far better to use
> Ye11oW B@nAn@.
I'd hope any good password cracker would also try leetizing the
dictionary words and upper/lower combinations, so I would not consider
that password so much better.
ALi
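
The point debated in this thread can be turned into a password-policy check. The following is an added example, not part of any poster's message: it maps common leet substitutions back to letters, ignores case, and rejects a passphrase when every space-separated token reduces to a dictionary word. The wordlist, the substitution table and all function names are constructed for illustration.

```python
from itertools import product

# Constructed sample wordlist; a real deployment would load a large dictionary.
WORDLIST = {"yellow", "banana", "purple", "monkey"}

# Common substitutions mapped back to the letters they may stand for
# (assumed table, not exhaustive). "1" is ambiguous: it can mean "i" or "l".
LEET = {"0": "o", "1": "il", "3": "e", "4": "a", "5": "s", "7": "t",
        "@": "a", "$": "s", "!": "i"}


def deleet_candidates(token, limit=4096):
    """Return every plain-letter reading of token, lower-cased.

    Returns an empty set when the number of readings exceeds `limit`,
    so a long run of ambiguous characters cannot exhaust memory.
    """
    options = [LEET.get(ch, ch) for ch in token.lower()]
    total = 1
    for choices in options:
        total *= len(choices)
    if total > limit:
        return set()
    return {"".join(reading) for reading in product(*options)}


def is_dictionary_word(token, words=WORDLIST):
    """True if any de-leeted, lower-cased reading of token is in words."""
    return bool(deleet_candidates(token) & words)


def is_weak_passphrase(password, words=WORDLIST):
    """True if every space-separated token reduces to a dictionary word."""
    tokens = password.split()
    return bool(tokens) and all(is_dictionary_word(t, words) for t in tokens)


if __name__ == "__main__":
    # The two passwords from the thread, plus a constructed counter-example.
    for candidate in ("yellow banana", "Ye11oW B@nAn@", "yellow xq7#rT"):
        verdict = "reject" if is_weak_passphrase(candidate) else "accept"
        print(f"{candidate!r}: {verdict}")
```

Both passwords quoted in the thread are rejected by this check, because after normalisation they are the same two dictionary words.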