Firewall Wizards mailing list archives
RE: "Proactive" Password Checking
From: "Eric Toll" <etoll () syracusesupply com>
Date: Fri, 12 Nov 1999 16:29:16 -0500
Explain to me the 8 character truncation, something which does not happen on my systems in place, I can go 20 (twenty) places or more.
"daN." <dan () nesmail com> 11/12/99 03:55PM >>>Now consider the password "maryhadalittlelamb" hard to crack, easy to
remember, not a >problem for dictionary crackers. Just tell users to put a few words _together_ for >security, like their favorite song lyric or something.
that would be truncated to 'maryhada' which happens to actually be in my password dictionary...even if it wasn't popular password cracking programs will combine words in your dictionary as well as use words back and forwards with diffrent cases, and the more users you have the more likely they are to grab at least one password this way..If your technique where to work at all you would need to make several changes, add random capitolization, and add at least one none numerical non alpha character to your password. But even with these rules in place you make a brute force attack slightly easier because when you set rules on a password you are minimizing the maximum amount of possible passwords. So it comes right back to the best password is an absolutely random one(which you should still run a dictionary attack against just in case it randomly ends up being something that doesn't look so random :) ). Dan Steele Network Administrator WestNet Management Corp.
Current thread:
- Re: "Proactive" Password Checking, (continued)
- Message not available
- Re: "Proactive" Password Checking Eric Budke (Nov 17)
- Re: "Proactive" Password Checking Rick Smith (Nov 14)
- RE: "Proactive" Password Checking Paul McNabb (Nov 10)
- RE: "Proactive" Password Checking Andreas Gunnarsson (Nov 14)
- Re: "Proactive" Password Checking Dorian Moore (Nov 14)
- Re: "Proactive" Password Checking Zzzil (Nov 14)
- RE: "Proactive" Password Checking bhe (Nov 14)
- RE: "Proactive" Password Checking Moore, James (Nov 14)
- Re: "Proactive" Password Checking Joseph S D Yao (Nov 17)
- RE: "Proactive" Password Checking Bill_Royds (Nov 14)
- RE: "Proactive" Password Checking Eric Toll (Nov 15)
- Re: "Proactive" Password Checking Joseph S D Yao (Nov 17)
- RE: "Proactive" Password Checking Moore, James (Nov 15)
- Re: "Proactive" Password Checking Andreas Gunnarsson (Nov 15)
- RE: "Proactive" Password Checking sean . kelly (Nov 15)
- Re: "Proactive" Password Checking Eric Toll (Nov 15)
- RE: "Proactive" Password Checking Moore, James (Nov 17)
- RE: "Proactive" Password Checking Russ (Nov 17)
- Re: "Proactive" Password Checking Aleph One (Nov 18)
- RE: "Proactive" Password Checking Vin McLellan (Nov 17)
- RE: "Proactive" Password Checking Moore, James (Nov 17)