To LUGNET HomepageTo LUGNET News HomepageTo LUGNET Guide Homepage
 Help on Searching
 
Post new message to lugnet.admin.generalOpen lugnet.admin.general in your NNTP NewsreaderTo LUGNET News Traffic PageSign In (Members)
 Administrative / General / 5553
    Re: New feature: Article rating —Mike Stanley
   (...) So what do I do when I login at a publicly accessible machine in a lab? What does anyone in a college environment do? People who are lucky enough to have a spouse who reads (and has a membership) at LUGNET but uses the same computer? To be so (...) (25 years ago, 26-Mar-00, to lugnet.admin.general) ! 
   
        Re: New feature: Article rating —Larry Pieniazek
     (...) And how secure is that? I'm sensing that you're dug into this position and are now in Defensive Mode. Whatever. Fact is, I use a lot of different machines, not all under my control, sometimes at a different client each week. Cookies in that (...) (25 years ago, 26-Mar-00, to lugnet.admin.general)  
    
         Re: New feature: Article rating —Todd Lehman
      (...) Well, obviously, don't do that on a machine that's not under your control. That's for your home system or your laptop -- whatever you use regularly. (...) No, not dug in, just a bit skeptical and need to think changes through carefully. No (...) (25 years ago, 26-Mar-00, to lugnet.admin.general) ! 
     
          Re: New feature: Article rating —Mike Stanley
       (...) I'm thinking of the fairly large percentage of UTK students who live in the dorms but don't own computers. Those kids use my labs (or various friends' machines) for all of their net business. (25 years ago, 26-Mar-00, to lugnet.admin.general) ! 
      
           Re: New feature: Article rating —Richard Franks
       (...) Or the non-US people who have to pay for access and will spend most of their internet time on machines at university or at work. Richard (25 years ago, 26-Mar-00, to lugnet.admin.general) ! 
      
           Re: New feature: Article rating —Peter Callaway
       (...) You guys have got it worse than most. Timed local calls! Which donkey let that one go through? Probably the same donkey that wants to implement it here! At least I can have my home machine permanently wired into the web for hours and it only (...) (25 years ago, 27-Mar-00, to lugnet.admin.general)
     
          Re: New feature: Article rating —Larry Pieniazek
       (...) Mode. (...) OK, make me confirm my confirm (each time warning the non geeky that maybe, just maybe, they ought to use the one the were given) when I go to pick my password, then subject it to a few quick checks to see if it was a good choice (...) (25 years ago, 26-Mar-00, to lugnet.admin.general)  
      
           Automated password appraisal (Re: New feature: Article rating) —Todd Lehman
       (...) OK, I've done more research into human factors of passwords and have crufted together[1] what I hope is a rather froody password checker. First, it's got a _moby_ database of more than 2.7 million words, names, phrases, numbers, and other (...) (25 years ago, 30-Mar-00, to lugnet.admin.general) ! 
      
           Re: Automated password appraisal (Re: New feature: Article rating) —Dan Boger
        (...) just a suggestion - have it also check against known personal info - like name, initials, birthday, etc... also Jenn pointed out you should check against obvious words, like lugnet, lego s@h, etc... :) I can't wait to try it out... Great job! (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)  
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Larry Pieniazek
        (...) Right! do all the really obvious checks first (the ones that would say things like "you know, using your first name may not be a good choice for a password") to save cycles. Well, let's have at it, I have some pw's I'd like an opinion on, and (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)  
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Dan Boger
        (...) good idea :) (...) just curious - how do you know what your users set their passwords to? ;) Dan (25 years ago, 30-Mar-00, to lugnet.admin.general)  
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Larry Pieniazek
        (...) It's my box, and it's going to a show, I was there when the password was set and I know it's not a very good one. But despite being the PM of the project I don't just want to stamp my foot and make them change the password, I'd rather provide (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)  
      
           Re: Automated password appraisal (Re: New feature: Article rating) —Todd Lehman
       (...) OK, here it is: (URL) summary: Type in a password and it tells you "pass" or "fail". First important question: Are there any bad passwords which this fails to reject? (If it rejects a seemingly good password, that's not necessarily a problem. (...) (25 years ago, 30-Mar-00, to lugnet.admin.general) !! 
      
           Re: Automated password appraisal (Re: New feature: Article rating) —Larry Pieniazek
        (...) it got a "adequate". Sorry, I can't tell you what it is right now, though. Handy tool. Appreciate your making it available. ++Lar (25 years ago, 30-Mar-00, to lugnet.admin.general)  
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Scott Edward Sanburn
         (...) stunning, but (...) Indeed. I got an excellent. : ) At least I got some decent passwords, if nothing else! Scott S. (25 years ago, 30-Mar-00, to lugnet.admin.general)
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Todd Lehman
         (...) A couple questions about its structure...I don't know if you can answer these but it seems like you could maybe: Without giving away any hints about what it was, why did you think it was risky? Did it contain a word? Did it contain a word (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)  
        
             Re: Automated password appraisal (Re: New feature: Article rating) —Larry Pieniazek
         (...) If I even say that I can't answer without giving a hint, that's a hint. Therefore: I can't answer without either giving or not giving away hints as to what it is. :-( ++Lar (25 years ago, 30-Mar-00, to lugnet.admin.general)
        
             Re: Automated password appraisal (Re: New feature: Article rating) —Todd Lehman
         (...) Bummer -- that makes me suspect that it really truly is a horrible password then (as you surmised, and pointed out to your coworker). Yet it passed, which makes me nervous. Welp, if you someday are able to convince your coworker that this (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)  
        
             Re: Automated password appraisal (Re: New feature: Article rating) —Larry Pieniazek
         (...) I can say this much. It's not your tests. It's the context. Just like your tests give (hypothetically speaking) Lugnet123 a so so score because Lugnet isn't a word, but we know that lugnet isn't a very good root for a password to lugnet (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)  
        
             Re: Automated password appraisal (Re: New feature: Article rating) —Todd Lehman
         (...) OK, that helps...that's all I need to know...thanks! (...) Yup! (Although "Lugnet" is a word in Swedish, and it finds this. :) (...) Yup! I don't think I'll lose any sleep over it. --Todd (25 years ago, 30-Mar-00, to lugnet.admin.general)  
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Dan Boger
        On Thu, 30 Mar 2000 12:28:05 GMT "Larry Pieniazek" <lar@voyager.net> wrote concerning 'Re: Automated password appraisal (Re: New feature: Article rating)': (...) heh, it might be interesting to see a log of the passwords... though I'm sure that Todd (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)  
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Jennifer L. Boger
         (...) dang... I'm terrible... though, i did find one that got a %507... :) thanks todd, i love this :) (25 years ago, 30-Mar-00, to lugnet.admin.general)
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Todd Lehman
        (...) I really would love to see how the failure, but it's not work the risk to log them, just as it's not worth the risk to store raw, non-crypted passwords. In the end, this can never be perfect, and I'm sure it will end up accidentally passing (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)  
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Selçuk Göre
         Wow, your wordlists are just nice. They even knows me and my wife..:-) Selçuk (...) (25 years ago, 31-Mar-00, to lugnet.admin.general)
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Todd Lehman
        (...) Cool! And thanks for checking! --Todd (25 years ago, 31-Mar-00, to lugnet.admin.general)  
      
           Re: Automated password appraisal (Re: New feature: Article rating) —Stephen F. Roberts
        (...) ...Hmmm. I dug up old passwords from long dead servers (don't u hate it when u remember passwords, but not the login id? :-) ...But anyway, I tried '4Gxc5t'... it came back failed but its reasoning was strange... (try it urself :-) the 'slight (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)  
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Todd Lehman
        (...) For one things, it's being a bit too harsh on numeric->alpha conversions like 4->A and 3->E...it should divide the intermediate results by 2 or something internally while computing the score after a transformaion like that. (...) They might be (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)  
      
           Re: Automated password appraisal (Re: New feature: Article rating) —Frank Filz
        I have a suggestion, you may want to test substitute things like "!" as a substitute for "l" or "i". Have you thought about vowels being dropped and K/c substitutions. I have a password which I would consider a worthless password the way you are (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)  
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Todd Lehman
        (...) You mean, change from checking !->i to checking both !->i and !->l ? (It does currently check !->i -- did that not work for you in some instance?) (...) Good idea! (...) Lemme see about the above suggestions and then you can try it again later (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)  
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Frank Filz
         (...) Ah, checked again, it didn't detect "7!" as a mapping for "li", but did detect "7i" as "li". It did reject both passwords though, but it had a lot fewer problems with the "7!" version, and the level changed from "worthless" to "weak". (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)  
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Todd Lehman
        (...) Hmmm...not sure how to go about doing this... The way the checker achieves its speed is by looking up all substrings in its dictionary rather than passing every single diciontionary word over all substrings (which could take hours). So, for (...) (25 years ago, 30-Mar-00, to lugnet.admin.general) ! 
       
            Re: Automated password appraisal (Re: New feature: Article rating) —David Schilling
        (...) The way I've done something similar in the past is to create a larger dictionary: create a temp file with all words having their vowels removed, and do the c/k mutations too, if desired. Sort and remove duplicate entries. Finally, merge back (...) (25 years ago, 31-Mar-00, to lugnet.admin.general)  
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Todd Lehman
        (...) OK, so work it backwards, IOW. Cool. That sounds doable, and wouldn't even increase the time it took to evaluate pw's by more than the tiniest percent. (...) Well, if the dictionary grows from 2.7 million to 3.5 million entries, that's OK -- (...) (25 years ago, 31-Mar-00, to lugnet.admin.general)  
      
           Re: Automated password appraisal (Re: New feature: Article rating) —Richard Franks
        (...) It allows: a1b2c3, but fails 1a2b3c, I thought it would (and probably does) check for numeric sequences? (...) It fails: LL-918 as worthless, but gives LL-928 an excellent :) Maybe you should add lots of LEGO set names and abbreviations? EG (...) (25 years ago, 30-Mar-00, to lugnet.admin.general) ! 
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Dan Boger
        On Thu, 30 Mar 2000 16:30:51 GMT "Richard Franks" <spontificus@yahoo.com> wrote concerning 'Re: Automated password appraisal (Re: New feature: Article rating)': (...) heh, my lugnet password came up weak (FAIL)... my personal password came up ok (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)  
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Richard Franks
        (...) You could make it stricter I think, send out an email warning with a code# to the member, and block access until they have replied. You could either use the code# to automate unblocking the account, or as part of a manual check. The code# (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)  
      
           Re: Automated password appraisal (Re: New feature: Article rating) —Jacob Sparre Andersen
        Todd: (...) Grasp your French MacKeyboard. Start with the 'a' (upper left letter), next you go one up to the '&', then you go one right to 'é', one down to 'z', one right to 'e', one up to '"' (double quote), one left to ''' (single quote), and (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)  
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Todd Lehman
         (...) It catches the isomorphic QWERTY instance of this ("q12we34r") but I'd love to add xy-tables for Dvorak and non-US keyboards. Any data pointers? (...) That's a sneaky one! :) (...) Ooh -- I'd better make sure that it dislikes [0-9]+[xX][0-9]+ (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)  
        
             Re: Automated password appraisal (Re: New feature: Article rating) —Dan Boger
         (...) I could probably write one for hebrew keyboard, if you want... what format do you want it? :) Dan (25 years ago, 30-Mar-00, to lugnet.admin.general)
        
             Re: Automated password appraisal (Re: New feature: Article rating) —Todd Lehman
         (...) Cool! OK, how about like this: ---...--- QWERTY 0 0 ~!@#$%^&*()_+ 0 0 `1234567890-= 1 1 QWERTYUIOP{}| 1 1 qwertyuiop[]\ 2 1 ASDFGHJKL:" 2 1 asdfghjkl;' 3 1 ZXCVBNM<>? 3 1 zxcvbnm,./ ---...--- TIA! --Todd (25 years ago, 31-Mar-00, to lugnet.admin.general)
        
             Re: Automated password appraisal (Re: New feature: Article rating) —Dan Boger
         (...) hmmm... I guess I wasn't thinking when I posted... the english part of the herbew keyboard is exactly the same as the US one... The hebrew part of it, cannot really be expressed in ASCII, so I guess my offer was meaningless... sorry... Unless (...) (25 years ago, 31-Mar-00, to lugnet.admin.general)
        
             Re: Automated password appraisal (Re: New feature: Article rating) —Todd Lehman
          (...) Sure! If it's not the one at Oxford[1] University, pls. send URL! :) --Todd [1] I always think that looks like a hex number :) (25 years ago, 31-Mar-00, to lugnet.admin.general)
         
              Re: Automated password appraisal (Re: New feature: Article rating) —Dan Boger
          (...) ftp://sable.ox.ac.uk...wordlists/ :) Dan (25 years ago, 31-Mar-00, to lugnet.admin.general)
         
              Re: Automated password appraisal (Re: New feature: Article rating) —Todd Lehman
          (...) Yup -- those are the ones from Oxford! Great lists!!! --Todd (25 years ago, 1-Apr-00, to lugnet.admin.general)
        
             Re: Automated password appraisal (Re: New feature: Article rating) —Shiri Dori
         (...) LOL... that reminds me. My sis used to use a password for this game we had, she was just 4 and needed something she could remember, when all she knew to write was her name. But she didn't want something SO obvious (never mind that I helped her (...) (25 years ago, 31-Mar-00, to lugnet.admin.general)
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Todd Lehman
        (...) OK, try that again now. Seeing that this site is LEGO-related, it's best to treat "x" and "X" as part of numeric stuff. In fact there are many other things besides 'x' and '=' which are numeric-related. :-o It now very much dislikes numerical (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)  
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Robert Farver
         (...) You might want to add ^ for exponentiation. I just posted a list passwords that passed, including 4 variations of the Theory of Relativity. Rob - Rob Farver - mailto:rfarver@rcn.com (2 URLs) (25 years ago, 31-Mar-00, to lugnet.admin.general)  
        
             Re: Automated password appraisal (Re: New feature: Article rating) —Todd Lehman
         (...) Ah yes! --Todd (25 years ago, 31-Mar-00, to lugnet.admin.general)
        
             Re: Automated password appraisal (Re: New feature: Article rating) —Selçuk Göre
         By the way, for the special characters, it knows what "selcuk" is but doesn't know the "selçuk", which is actually the correct form. Do you want any Turkish wordlists? Selçuk (...) (25 years ago, 31-Mar-00, to lugnet.admin.general)  
        
             Re: Automated password appraisal (Re: New feature: Article rating) —Todd Lehman
         (...) I haven't decoded the ASCII+127 yet on those...sorry. (...) I would love them, if you have any in their native ISO-8859-# encoding. --Todd (25 years ago, 31-Mar-00, to lugnet.admin.general)
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Frank Filz
         Todd Lehman wrote in message ... (...) [0-9]{4} . (...) to (...) longer (...) Waahh, now it hates one of my passwords... Hm, would you consider parametizing some of the things (or is the code something easily portable)? I'd like to check passwords (...) (25 years ago, 31-Mar-00, to lugnet.admin.general)
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Frank Filz
          Frank Filz wrote in message ... (...) appropriate (...) Thought of another reason to allow parameters or options to the checker... Some systems have restrictions on length of password, some systems are not case sensitive, some systems may not allow (...) (25 years ago, 31-Mar-00, to lugnet.admin.general)
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Todd Lehman
        (...) Down the road prolly... Gotta get this cut over ASAP and get the pages stuff finished up... Did it give you enough flexibility that you could find something it liked that you could use? (That's it's only real purpose, even if it happens to be (...) (25 years ago, 1-Apr-00, to lugnet.admin.general)
      
           Re: Automated password appraisal (Re: New feature: Article rating) —Larry Pieniazek
        In lugnet.admin.general, Todd Lehman writes: <pw checker, play away... some design notes> Played with it some more and I am not sure I totally trust it. It thinks MT-5561 is a GREAT password and LEGOSystem4558 is a really bad one. I'm happy to (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Robert Farver
        (...) I've been playing with the 5 character passwords trying to see how high I can get. So far I've got a 156% (Good). Rob - Rob Farver - mailto:rfarver@rcn.com (2 URLs) (25 years ago, 30-Mar-00, to lugnet.admin.general)
      
           Re: Automated password appraisal (Re: New feature: Article rating) —Larry Pieniazek
        In lugnet.admin.general, Todd Lehman writes: <pw checker, play away... some design notes> Oh, and can you post the rank order list somewhere on the page or something? That is, is Outstanding better or worse than Bravissimo! Thanks. ++Lar (25 years ago, 30-Mar-00, to lugnet.admin.general)  
      
           Re: Automated password appraisal (Re: New feature: Article rating) —James Brown
        (...) Inconsistent results. It quite happily failed obvious stuff like "James1" or "Galliard" or "June15", but also missed some glaring ones. For example, it failed my Social Insurance number, but only because it was all from 1 keyboard row. It (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)  
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Todd Lehman
        (...) Try again now. :) (...) It doesn't check for up/down/left/right keyboard shifting, no. (...) It doesn't check for cross-keyboard translations either, no. If I can get my hands on more keyboard xy tables, maybe I can check for these too. (...) (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)  
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Kevin Salm
        (...) Okay, what is left?? I am wondering what kind of imagination I will need to generate an acceptable password. So far I have had no problem generating passwords that exceed 300% acceptance, but if the acceptable parameters continue to become (...) (25 years ago, 5-Apr-00, to lugnet.admin.general)  
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Kevin Salm
        I guess this can be fun. With a bit of tweaking here and there, I just generated a password which returned a 1269% approval rating. Anyone think they can top that? __Kevin Salm__ (25 years ago, 5-Apr-00, to lugnet.admin.general)
      
           Re: Automated password appraisal (Re: New feature: Article rating) —Ed Jones
        (...) [snip] (...) Very interesting results. It seems to LOVE NASD and NYSE rule numbers: NASD15a-6 got a 252% What is the percentage range that will display? Its very hard to tell what is really good or bad by the percentages that display until you (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)  
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Ed Jones
         (...) It likes the Uniform Commercial code even better: UCCart8-9 - 368% Excellent However, LUGNETTODD - gets a "terrible" :') (25 years ago, 30-Mar-00, to lugnet.admin.general)  
        
             Re: Automated password appraisal (Re: New feature: Article rating) —Todd Lehman
         (...) OK, try again now. It should dislike the "8-9" part enough to fail it. --Todd (25 years ago, 30-Mar-00, to lugnet.admin.general)
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Todd Lehman
        (...) OK, try again now. (BOY is this thing getting picky now about numbers and stuff. I hope it's not getting too restrictive. I'll have to stop tinkering at some point soon.) (...) Theoretically infinite in both directions. It's just a number, and (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)  
      
           Re: Automated password appraisal (Re: New feature: Article rating) —Steve Bliss
        (...) How about some of the following? They seem topically weak to me. lg*mnfg - 389% excellent shp@hm8354386 - 236% great m:trn6989 - 272% great Steve (25 years ago, 30-Mar-00, to lugnet.admin.general)  
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Scott Edward Sanburn
         (...) I got a 421%, and then a -125%. Very interesting, i might have to switch some of my passwords here now! :) Scott S. (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Todd Lehman
        (...) Not sure how to detect this...it isn't that terrible anyway, is it? (I can see that it comes from "lego*minifig" but it's still probably strong enough?) (...) Now gives a -1030%. (...) Now gives a 200%. If LEGO sets weren't an issue it would (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Richard Franks
        It really likes: fnark-5- (345%) but hates: fnark-5-lego (-104%) Surely that's squiffy? Or is it based on the theory that being able to guess the 'lego' part will make the 'fnark-5-' more obvious? Richard (25 years ago, 30-Mar-00, to lugnet.admin.general)  
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Todd Lehman
        (...) It's a side-effect of downrating fluffy portions even though they don't hurt. That is, if you have a wicked strong 8-character pw (call it "X" for short), then even though "Xlego" is no worse than "X", it takes points off for the fluffy part (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)  
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Larry Pieniazek
        (...) I am starting to think that this password checker, in its current form (which I'd like to see left accessable as it IS useful) shouldn't actually block a password. It should tell me that "maybe this isn't a good choice" but it doesn't know (...) (25 years ago, 30-Mar-00, to lugnet.admin.general) ! 
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Todd Lehman
         (...) Yum, yum! :-s Well, ya gotta also figure that decreasing the safety margin from 100,000 to 1000 is one thing (bad -- and I don't think that's case here), but decreasing it from, say, eleventeen hundred quintrillion down to fifty-seven (...) (25 years ago, 31-Mar-00, to lugnet.admin.general)  
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Selçuk Göre
         Larry Pieniazek wrote: <snip> (...) I'm not a guru on the subject by any means, but while an attacker using wordlists and trying to crack a password with bruteforce or something like, I mean, by trial and error, I think any combination of dates are (...) (25 years ago, 31-Mar-00, to lugnet.admin.general)
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Larry Pieniazek
        (...) from (...) ALL (...) that (...) numbers (...) This was a hypothetical example. Dates are not actually good passwords, but they're easy to use to demonstrate differences in context. my birthday is a bad password for me (one of the first few (...) (25 years ago, 31-Mar-00, to lugnet.admin.general)
      
           Re: Automated password appraisal (Re: New feature: Article rating) —Alan Gerber
        (...) I got p@$$\/\/0?oI through it as a 169. Mwhahahahahahaha! Alan (25 years ago, 30-Mar-00, to lugnet.admin.general)
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Alan Gerber
        (...) I meant to put in p@$$\/\/0roI in, but messed up. p@$$\/\/0roI got a 100% Alan (25 years ago, 30-Mar-00, to lugnet.admin.general)
      
           Re: Automated password appraisal (Re: New feature: Article rating) —Robert Farver
        (...) Formulae: e=mc^2 - Great (266%) E=mc^2 - Excellent (303%) e=m*c^2 - Outstanding (556%) E=m*c^2 - Outstanding (594%) Keyboard runs: zdt7cgu9 - Outstanding (491%) zcbmadgj - Outstanding (462%) zfu0xgi- - Outstanding (529%) Software Titles: (...) (25 years ago, 31-Mar-00, to lugnet.admin.general)
      
           Re: Automated password appraisal (Re: New feature: Article rating) —Christopher L. Weeks
        Neat Todd! (...) It thinks <({})> is fine 250% and doesn't detect it as a pallindrome even though it is from a human point of view. You might want to add something that recognizes stuff encapsulated within open and close of the same type of (...) (25 years ago, 2-Apr-00, to lugnet.admin.general)
      
           Re: Automated password appraisal (Re: New feature: Article rating) —Shiri Dori
        (...) Ouch... it passes @%)^*$, which is a +shift version of my birthdate. Now that's a bad password! Just like it doesn't allow an only numeric sequence, or an only alphabetic sequence, it should not allow an only spec. character sequence. -Shiri (25 years ago, 2-Apr-00, to lugnet.admin.general)
      
           Re: Automated password appraisal (Re: New feature: Article rating) —Bram Lambrecht
        (...) the ~ key (without pressing Shift) Here are the keyboard rows: 0 1 å/-À¶ØÖ¤µ¨¢ª 0 1 +ñòóôÙßõö÷øù 1 1 æäÓ¾ÐÑÕùºţ 1 1 ð"®±¸íê³Ï­°,¥ 2 1 ¿Ë¡´àéèÒÊǧ 2 1 Ħ¯â¬çëÉÈ«. 3 1 ¼»áÍÔ×·Áã½ 3 1 ()©ÎÚì?²ÌÆ Might want to take that into consideration... (...) (25 years ago, 2-Apr-00, to lugnet.admin.general)  
      
           Re: Automated password appraisal (Re: New feature: Article rating) —Ben Roller
        (...) The checker should equate the following IMHO: |_ L + t < k ~ n \/ V () O or 0 "\/()+eF0rMe" (Vote for Me) for example gives a 788% success rate. "|_uGn3+" which is a complicated way to write "Lugnet" passes with 481% "|_eGoBr|<K5" (LegoBricks) (...) (25 years ago, 2-Apr-00, to lugnet.admin.general)
      
           Re: Automated password appraisal (Re: New feature: Article rating) —Susan Hoover
        (...) the wrong way. "Toy" as in "geek thing to play with" rather than as in "insignificant".) (...) Yes! Several passwords of the form "[l3G0]" (with brackets but without the quotation marks) get an adequate passing grade of ~149%. Try things like (...) (25 years ago, 12-Apr-00, to lugnet.admin.general)
       
            Re: Automated password appraisal (Re: New feature: Article rating) —Susan Hoover
        (...) Ugh. "[l3G()]" gets a 506% passing grade. (25 years ago, 12-Apr-00, to lugnet.admin.general)
      
           Re: Automated password appraisal (Re: New feature: Article rating) —Matthew Miller
       (...) 1. Can you use https for this? 2. How about a 'passwords submitted aren't logged' privacy statement? Why? 'Cause it's so cool I was instantly tempted into typing in old passwords that I no longer use, and was almost tempted into typing in (...) (25 years ago, 12-Apr-00, to lugnet.admin.general)  
      
           Re: Automated password appraisal (Re: New feature: Article rating) —Todd Lehman
       (...) What's involved in setting up an https server? I remember reading once upon a time (it must've been about 2 years ago) that it could be kind of a mess, and that connections often took 1 second to authenticate. That would be a problem for (...) (25 years ago, 13-Apr-00, to lugnet.admin.general)
      
           Re: Automated password appraisal (Re: New feature: Article rating) —Matthew Miller
       (...) It's not too hard. But I forgot; you're using a web hosting place. (Pair?) Depending on what level of service you're paying for, you may already have ssl support. (Or conversely, it may not be an option.) (...) I've not noticed that bad of a (...) (25 years ago, 13-Apr-00, to lugnet.admin.general)
     
          Re: New feature: Article rating —Shiri Dori
      (...) Yep, you can be sure he's not the only one. I have two computers at home, but regardless I often get online from the school library or the ESL room (1). At those times I can only read, not post or rate or anything. OTOH, when I want to read my (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)
     
          Re: New feature: Article rating —Tom Stangl
      I log on to Lugnet on a minimum of 4 different machines, 2 from home, 2 from work, and may be logging on from my Libretto on the road this summer. So anything making it easier to log in and have settings be the same, the better. (...) -- Tom Stangl (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)  
    
         Re: New feature: Article rating —Eric Joslin
     (...) Depends on the location. Clearly, as both you and Mike are capable of pointing out, there are inappropriate places to use that tactic in. That just means there are places you can access Lugnet from that you can't use all the features from, (...) (25 years ago, 26-Mar-00, to lugnet.admin.general)  
    
         Re: New feature: Article rating —Mike Stanley
      (...) ^^^^^^^ That's actually a bad thing, imo. I don't know when this changed (and sometimes I am glad it did) but I don't really like the fact that I can post AS ME from any machine simply by typing in my name and e-mail address. I _think_ this is (...) (25 years ago, 26-Mar-00, to lugnet.admin.general)  
     
          Re: New feature: Article rating —Eric Joslin
      The main thrust of this whole conversaion has gotten very far away from my original point, which I feel I made just fine, but: (...) My vote would be to keep Lugnet a place where you can post from any interface without paying for a membership. There (...) (25 years ago, 26-Mar-00, to lugnet.admin.general)  
     
          Re: New feature: Article rating —Todd Lehman
       (...) I agree. But if Mike's suggestion is taken a little differently, i.e., "I think _I_ should have to sign in to post via the web interface." ...then that's probably a good thing. Once you do decide to beomce a member, you should (it would be (...) (25 years ago, 26-Mar-00, to lugnet.admin.general)  
      
           Re: New feature: Article rating —Shiri Dori
       (...) Me 2. (...) Definitely. I also think this should be possible even if you're not a member, but that's just my view of it. (I'm a member, so I'll have that anyway :) Oh, and Todd...? Todd wrote: (...) ^^^ Your second three-letter switch in a (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)
     
          Re: New feature: Article rating —Mike Stanley
      (...) Then implement a username/password system that doesn't require a membership but can accomodate one. Pretty simple, just have a membership field in the record. People who are just trying it out can read and post, but not access member-only (...) (25 years ago, 26-Mar-00, to lugnet.admin.general) ! 
    
         Re: New feature: Article rating —Larry Pieniazek
     (...) Don't assume you know what I'm assuming! However, you didn't refute my points, I note. Just glossed over them as "not convincing enough"... So something that is less secure and harder to use is better in your book? ++Lar (25 years ago, 27-Mar-00, to lugnet.admin.general)
    
         Re: New feature: Article rating —Eric Joslin
     (...) Touche. :D (...) No, I feel that I explained well enough many times why I feel that the current system is fine, and why you don't have to carry around a card with your passwd on it. Several times. And I don't care to again. So, since you (...) (25 years ago, 27-Mar-00, to lugnet.admin.general)  
   
        Re: New feature: Article rating —Todd Lehman
   (...) Use either the top radio button and close the browser when you're done, or use the bottom radio button and set a timeout like 1 hour in case you forget to sign out manually. (...) Leave yourself signed in, or sign out manually when you're (...) (25 years ago, 26-Mar-00, to lugnet.admin.general) ! 
   
        Re: New feature: Article rating —Mike Stanley
   (...) But I don't _want_ to, and to suggest that as an alternative to carrying around a machine-generated password seems a little boneheaded. I don't _want_ to leave myself logged into Lugnet just like I don't _want_ to leave myself logged into (...) (25 years ago, 27-Mar-00, to lugnet.admin.general)  
   
        Re: New feature: Article rating —Todd Lehman
   (...) Thick-skulled, maybe...dunno if I agree about boneheaded. :) I guess next time I'll hafta read your mind. I only had what you wrote to go on -- which seemed to be implying something false. I was only replying to point out that it -was- indeed (...) (25 years ago, 27-Mar-00, to lugnet.admin.general)
   
        Re: New feature: Article rating —Mike Stanley
   (...) Same thing? :) (...) Yes, although I would say use that new password every time. I don't cache passwords other than at home, and not all the time there. (25 years ago, 27-Mar-00, to lugnet.admin.general)
   
        Re: New feature: Article rating —Todd Lehman
   (...) Just a side note about the sign-in cookie... Your member ID and password are stored in the cookie, but in murfled form. Thus, if someone is able to steal your sign-in cookie, they can impersonate you, but they still won't know your password, (...) (25 years ago, 27-Mar-00, to lugnet.admin.general)  
 

©2005 LUGNET. All rights reserved. - hosted by steinbruch.info GbR