Re: Password Cracking

[Dave Aronson <spamtrap.secfocus () dja mailme org>]

Jonathan Loh <kj6loh () yahoo com> wrote:

> One of my fellow sysadmins uses the following:  Take any word could
> be from the dictionary or not.  Use 0's, 1's, 5's and so on for
> letter substitutions.

Many password crackers use such substitutions.  To make total subbing 
(which is what I would guess they try first) not work, what I do is not 
sub for every one.  At various times, I have subbed only the first one, 
odd-numbered ones (i.e., 1st, 3rd, 5th, etc.), even-numbered ones, every 
3rd starting with the 2nd, and other patterns.  Of course, random would 
probably be a bit better, but makes it much harder to remember....

---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.

http://www.infosecinstitute.com/courses/computer_forensics_training.html
----------------------------------------------------------------------------