Penetration Testing mailing list archives
Re: looking for a webapp bruteforce video for non-techies
From: "Robin Wood" <dninja () gmail com>
Date: Tue, 3 Jun 2008 17:08:02 +0100
2008/6/3 Martin O'Neal <martin.oneal () corsaire com>:
It didn't help that the password was only 5 characters!That may not actually be such a bad password (on balance and in context). Sure it is a dictionary/leet word variant, but five characters actually carry plenty of entropy (if mixed case and numerics are also used). However, if you have an authentication mechanism that doesn't lock out an account and *allows* brute forcing, it doesn't really matter how strong the password is; given enough universe-lifetimes an attacker will always guess it eventually.
Trust me, it is a VERY bad password in these circumstances! Robin ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Find out now! Get Webinar Recording and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- looking for a webapp bruteforce video for non-techies Robin Wood (Jun 03)
- Re: looking for a webapp bruteforce video for non-techies Jakub (Jun 03)
- Re: looking for a webapp bruteforce video for non-techies Jakub (Jun 03)
- Message not available
- RE: looking for a webapp bruteforce video for non-techies Paul Melson (Jun 03)
- Re: looking for a webapp bruteforce video for non-techies Robin Wood (Jun 03)
- RE: looking for a webapp bruteforce video for non-techies Paul Melson (Jun 03)
- Re: looking for a webapp bruteforce video for non-techies Anthony Cicalla (Jun 03)
- Message not available
- Re: looking for a webapp bruteforce video for non-techies Robin Wood (Jun 03)
- Re: looking for a webapp bruteforce video for non-techies pand0ra (Jun 03)
- Re: looking for a webapp bruteforce video for non-techies Anthony Cicalla (Jun 03)
- <Possible follow-ups>
- RE: RE: looking for a webapp bruteforce video for non-techies admin (Jun 03)