| | Re: New feature: Article rating
|
|
This looks really neat! :) Is there a table with the top articles on it? There's little point voting on something from a year ago if no-one will see it :) Richard (25 years ago, 26-Mar-00, to lugnet.admin.general) !
|
|
| | Re: New feature: Article rating
|
|
(...) It's on the "to-do" list. --Todd (25 years ago, 26-Mar-00, to lugnet.admin.general)
|
|
| | Re: New feature: Article rating
|
|
I really want the ability to set my own password. I've lost my password somewhere and don't have a prayer of remembering what it is. SO I can't rate my articles 100 and Todd's 0 until I either find it again or get my pw set to something easy for me (...) (25 years ago, 26-Mar-00, to lugnet.admin.general)
|
|
| | Re: New feature: Article rating
|
|
(...) So I suppose Todd is going to have to call you on the telephone again to give you your password. I guess that we can forgive you as you have recently moved into a new home and that can increase anyones confusion/disorganization factor. Are you (...) (25 years ago, 26-Mar-00, to lugnet.admin.general)
|
|
| | Re: New feature: Article rating
|
|
(...) Actually, I'd seen someone rating quite a few of your articles highly, and I kinda assumed that it was you :) :) My password is kinda easy to remember as passwords go, containing my initials, a single repeated digit and a naff name that I (...) (25 years ago, 26-Mar-00, to lugnet.admin.general)
|
|
| | Re: New feature: Article rating
|
|
(...) No. I just couldn't think of a place to put it. I don't write on my laptop screen and the plastic around the edge is black. No other place is likely to be always near me. I forgot to put it into my top secret password file. (which is used (...) (25 years ago, 26-Mar-00, to lugnet.admin.general)
|
|
| | Re: New feature: Article rating
|
|
(...) Probably there will be a way to set an additional password to use on top of the main password as a simple sign-in/sign-out layer, or to choose one of several machine-generated passwords. (...) By design, that is impossible. There is no way to (...) (25 years ago, 26-Mar-00, to lugnet.admin.general)
|
|
| | Re: New feature: Article rating
|
|
(...) It would be a total coincidence, yes, and BTW you shouldn't be giving away details like that about your password. You just made it 2,050 times easier for someone to brute-force crack your password. :-( --Todd (25 years ago, 26-Mar-00, to lugnet.admin.general)
|
|
| | Re: New feature: Article rating
|
|
(...) Yeah, I don't think I've ever "signed in" simply because I can't bother to keep up with another password I didn't pick. Once I hear I can login ONCE with this password I refuse to put any effort into holding onto or remembering and change it (...) (25 years ago, 26-Mar-00, to lugnet.admin.general)
|
|
| | Re: New feature: Article rating
|
|
(...) Totally agreed. Machine generated, unchangeable passwords get written down. That compromises them. If this system is so important that security is paramount over ease of use (which I have a hard time seeing, it doesn't control human lives or (...) (25 years ago, 26-Mar-00, to lugnet.admin.general) !
|
|
| | Re: New feature: Article rating
|
|
(...) Currently you *can* login "ONCE" by selecting "never log me out" (or something similar, I don't remember the exact wording). I logged in once at home, and have never re-entered my passwd. When I come back and dial up, opena browser, and go to (...) (25 years ago, 26-Mar-00, to lugnet.admin.general) !
|
|
| | Re: New feature: Article rating
|
|
(...) I use too many machines for this to be useful to me. Plus I lose my cookies (sounds kinda gross) often enough on the machines I DO use on a regular basis. (...) Disagree strongly. If the spiffy new feature isn't usable because of an easy to (...) (25 years ago, 26-Mar-00, to lugnet.admin.general)
|
|
| | Re: New feature: Article rating
|
|
(...) That must be a lot of machines. I use one at home (which happens to get multiple IPs from dynamic IPaddressing from my ISP, but that makes no difference in the way that the Lugnet server sees me, thanks to cookies) but I use one of a pool of (...) (25 years ago, 26-Mar-00, to lugnet.admin.general)
|
|
| | Re: New feature: Article rating
|
|
(...) That might be fine for home (or maybe it wouldn't be - maybe my wife and I share a computer to access LUGNET (we don't, since I have more than a few computers, but we could)?) but it wouldn't work for work. My LUGNET packet is sitting in my (...) (25 years ago, 26-Mar-00, to lugnet.admin.general) !
|
|
| | Re: New feature: Article rating
|
|
(...) Ditto to that. I currently can (and do) access Lugnet from at least 5 machines at home, 3 machines in my cube at work, and any number of machines scattered around campus (what else am I supposed to do while waiting for a server to do something (...) (25 years ago, 26-Mar-00, to lugnet.admin.general)
|
|
| | Re: New feature: Article rating
|
|
(...) Why would you have to keep track of it if you were always logged in? You'd type it in once and that would be that. Trust me, my job requires no small amount of passwds to be remembered by me, too. (...) Who said all the new features were going (...) (25 years ago, 26-Mar-00, to lugnet.admin.general)
|
|
| | Re: New feature: Article rating
|
|
(...) You can sign in once with your password and stay permanently signed in. (Simply use the middle radio button at the Sign-In page.) --Todd (25 years ago, 26-Mar-00, to lugnet.admin.general) !
|
|
| | Re: New feature: Article rating
|
|
(...) Well, in that LUGNET should "accomodate" the ability to set your own password (something _every_ online store/site I use does) yes. And I doubt Larry is losing his cookies due to "user error". Saving your password in a cookie is nice, but its (...) (25 years ago, 26-Mar-00, to lugnet.admin.general)
|
|
| | Re: New feature: Article rating
|
|
(...) Yeah, but the point is we ARE right. You're not concerned about it, Todd may not be concerned about it, but the market backs us up. Can you change your password at Amazon.com? BN.com? Any other major online retailer you care to name? How about (...) (25 years ago, 26-Mar-00, to lugnet.admin.general) !
|
|
| | Re: New feature: Article rating
|
|
(...) In your opinion. And I am right in mine. (...) And how is Lugnet a retailer, exactly? Look, I'm not saying that I wouldn't like to see the feature. But I don't think it's "broken" in any way, I don't think it's "unusable" by a "majority of the (...) (25 years ago, 26-Mar-00, to lugnet.admin.general)
|
|
| | Re: New feature: Article rating
|
|
(...) So what do I do when I login at a publicly accessible machine in a lab? What does anyone in a college environment do? People who are lucky enough to have a spouse who reads (and has a membership) at LUGNET but uses the same computer? To be so (...) (25 years ago, 26-Mar-00, to lugnet.admin.general) !
|
|
| | Re: New feature: Article rating
|
|
(...) Can you name a major website with the sort of long-term goals that LUGNET has that sides with your "setting your own password isn't important" opinion? (...) Well, did you read the rest of that paragraph? eCircles isn't a retailer - it is a (...) (25 years ago, 26-Mar-00, to lugnet.admin.general) !
|
|
| | Re: New feature: Article rating
|
|
(...) A password system that, I remind you, controls your access to *two* things- neither one of which even approaches being essential to normal use. (...) I think that Todd's reasoning, posted elsewhere in this thread, is well-thought-out. Trying (...) (25 years ago, 26-Mar-00, to lugnet.admin.general)
|
|
| | Re: New feature: Article rating
|
|
(...) Well, there you go. I didn't even know there was something else that required you to sign in to access it. So that is two features right now that I cannot access (as a paid member) unless I choose to compromise the same security these silly (...) (25 years ago, 26-Mar-00, to lugnet.admin.general) !
|
|
| | Re: New feature: Article rating
|
|
(...) And how secure is that? I'm sensing that you're dug into this position and are now in Defensive Mode. Whatever. Fact is, I use a lot of different machines, not all under my control, sometimes at a different client each week. Cookies in that (...) (25 years ago, 26-Mar-00, to lugnet.admin.general)
|
|
| | Re: New feature: Article rating
|
|
(...) Well, obviously, don't do that on a machine that's not under your control. That's for your home system or your laptop -- whatever you use regularly. (...) No, not dug in, just a bit skeptical and need to think changes through carefully. No (...) (25 years ago, 26-Mar-00, to lugnet.admin.general) !
|
|
| | Re: New feature: Article rating
|
|
(...) I'm thinking of the fairly large percentage of UTK students who live in the dorms but don't own computers. Those kids use my labs (or various friends' machines) for all of their net business. (25 years ago, 26-Mar-00, to lugnet.admin.general) !
|
|
| | Re: New feature: Article rating
|
|
(...) Depends on the location. Clearly, as both you and Mike are capable of pointing out, there are inappropriate places to use that tactic in. That just means there are places you can access Lugnet from that you can't use all the features from, (...) (25 years ago, 26-Mar-00, to lugnet.admin.general)
|
|
| | Re: New feature: Article rating
|
|
(...) Mode. (...) OK, make me confirm my confirm (each time warning the non geeky that maybe, just maybe, they ought to use the one the were given) when I go to pick my password, then subject it to a few quick checks to see if it was a good choice (...) (25 years ago, 26-Mar-00, to lugnet.admin.general)
|
|
| | Re: New feature: Article rating
|
|
(...) Or the non-US people who have to pay for access and will spend most of their internet time on machines at university or at work. Richard (25 years ago, 26-Mar-00, to lugnet.admin.general) !
|
|
| | Re: New feature: Article rating
|
|
(...) ^^^^^^^ That's actually a bad thing, imo. I don't know when this changed (and sometimes I am glad it did) but I don't really like the fact that I can post AS ME from any machine simply by typing in my name and e-mail address. I _think_ this is (...) (25 years ago, 26-Mar-00, to lugnet.admin.general)
|
|
| | Re: New feature: Article rating
|
|
The main thrust of this whole conversaion has gotten very far away from my original point, which I feel I made just fine, but: (...) My vote would be to keep Lugnet a place where you can post from any interface without paying for a membership. There (...) (25 years ago, 26-Mar-00, to lugnet.admin.general)
|
|
| | Re: New feature: Article rating
|
|
(...) I agree. But if Mike's suggestion is taken a little differently, i.e., "I think _I_ should have to sign in to post via the web interface." ...then that's probably a good thing. Once you do decide to beomce a member, you should (it would be (...) (25 years ago, 26-Mar-00, to lugnet.admin.general)
|
|
| | Re: New feature: Article rating
|
|
(...) Then implement a username/password system that doesn't require a membership but can accomodate one. Pretty simple, just have a membership field in the record. People who are just trying it out can read and post, but not access member-only (...) (25 years ago, 26-Mar-00, to lugnet.admin.general) !
|
|
| | Re: New feature: Article rating
|
|
(...) Use either the top radio button and close the browser when you're done, or use the bottom radio button and set a timeout like 1 hour in case you forget to sign out manually. (...) Leave yourself signed in, or sign out manually when you're (...) (25 years ago, 26-Mar-00, to lugnet.admin.general) !
|
|
| | Re: New feature: Article rating
|
|
(...) Don't assume you know what I'm assuming! However, you didn't refute my points, I note. Just glossed over them as "not convincing enough"... So something that is less secure and harder to use is better in your book? ++Lar (25 years ago, 27-Mar-00, to lugnet.admin.general)
|
|
| | Re: New feature: Article rating
|
|
(...) You guys have got it worse than most. Timed local calls! Which donkey let that one go through? Probably the same donkey that wants to implement it here! At least I can have my home machine permanently wired into the web for hours and it only (...) (25 years ago, 27-Mar-00, to lugnet.admin.general)
|
|
| | Re: New feature: Article rating
|
|
(...) Thick-skulled, maybe...dunno if I agree about boneheaded. :) I guess next time I'll hafta read your mind. I only had what you wrote to go on -- which seemed to be implying something false. I was only replying to point out that it -was- indeed (...) (25 years ago, 27-Mar-00, to lugnet.admin.general)
|
|
| | Re: New feature: Article rating
|
|
(...) But I don't _want_ to, and to suggest that as an alternative to carrying around a machine-generated password seems a little boneheaded. I don't _want_ to leave myself logged into Lugnet just like I don't _want_ to leave myself logged into (...) (25 years ago, 27-Mar-00, to lugnet.admin.general)
|
|
| | Re: New feature: Article rating
|
|
(...) Touche. :D (...) No, I feel that I explained well enough many times why I feel that the current system is fine, and why you don't have to carry around a card with your passwd on it. Several times. And I don't care to again. So, since you (...) (25 years ago, 27-Mar-00, to lugnet.admin.general)
|
|
| | Re: New feature: Article rating
|
|
(...) Same thing? :) (...) Yes, although I would say use that new password every time. I don't cache passwords other than at home, and not all the time there. (25 years ago, 27-Mar-00, to lugnet.admin.general)
|
|
| | Re: New feature: Article rating
|
|
(...) Just a side note about the sign-in cookie... Your member ID and password are stored in the cookie, but in murfled form. Thus, if someone is able to steal your sign-in cookie, they can impersonate you, but they still won't know your password, (...) (25 years ago, 27-Mar-00, to lugnet.admin.general)
|
|
| | Automated password appraisal (Re: New feature: Article rating)
|
|
(...) OK, I've done more research into human factors of passwords and have crufted together[1] what I hope is a rather froody password checker. First, it's got a _moby_ database of more than 2.7 million words, names, phrases, numbers, and other (...) (25 years ago, 30-Mar-00, to lugnet.admin.general) !
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) just a suggestion - have it also check against known personal info - like name, initials, birthday, etc... also Jenn pointed out you should check against obvious words, like lugnet, lego s@h, etc... :) I can't wait to try it out... Great job! (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: New feature: Article rating
|
|
(...) Yep, you can be sure he's not the only one. I have two computers at home, but regardless I often get online from the school library or the ESL room (1). At those times I can only read, not post or rate or anything. OTOH, when I want to read my (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) Right! do all the really obvious checks first (the ones that would say things like "you know, using your first name may not be a good choice for a password") to save cycles. Well, let's have at it, I have some pw's I'd like an opinion on, and (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) good idea :) (...) just curious - how do you know what your users set their passwords to? ;) Dan (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) It's my box, and it's going to a show, I was there when the password was set and I know it's not a very good one. But despite being the PM of the project I don't just want to stamp my foot and make them change the password, I'd rather provide (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: New feature: Article rating
|
|
(...) Me 2. (...) Definitely. I also think this should be possible even if you're not a member, but that's just my view of it. (I'm a member, so I'll have that anyway :) Oh, and Todd...? Todd wrote: (...) ^^^ Your second three-letter switch in a (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: New feature: Article rating
|
|
I log on to Lugnet on a minimum of 4 different machines, 2 from home, 2 from work, and may be logging on from my Libretto on the road this summer. So anything making it easier to log in and have settings be the same, the better. (...) -- Tom Stangl (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) OK, here it is: (URL) summary: Type in a password and it tells you "pass" or "fail". First important question: Are there any bad passwords which this fails to reject? (If it rejects a seemingly good password, that's not necessarily a problem. (...) (25 years ago, 30-Mar-00, to lugnet.admin.general) !!
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) it got a "adequate". Sorry, I can't tell you what it is right now, though. Handy tool. Appreciate your making it available. ++Lar (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) stunning, but (...) Indeed. I got an excellent. : ) At least I got some decent passwords, if nothing else! Scott S. (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) ...Hmmm. I dug up old passwords from long dead servers (don't u hate it when u remember passwords, but not the login id? :-) ...But anyway, I tried '4Gxc5t'... it came back failed but its reasoning was strange... (try it urself :-) the 'slight (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
I have a suggestion, you may want to test substitute things like "!" as a substitute for "l" or "i". Have you thought about vowels being dropped and K/c substitutions. I have a password which I would consider a worthless password the way you are (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) It allows: a1b2c3, but fails 1a2b3c, I thought it would (and probably does) check for numeric sequences? (...) It fails: LL-918 as worthless, but gives LL-928 an excellent :) Maybe you should add lots of LEGO set names and abbreviations? EG (...) (25 years ago, 30-Mar-00, to lugnet.admin.general) !
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
Todd: (...) Grasp your French MacKeyboard. Start with the 'a' (upper left letter), next you go one up to the '&', then you go one right to 'é', one down to 'z', one right to 'e', one up to '"' (double quote), one left to ''' (single quote), and (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
In lugnet.admin.general, Todd Lehman writes: <pw checker, play away... some design notes> Played with it some more and I am not sure I totally trust it. It thinks MT-5561 is a GREAT password and LEGOSystem4558 is a really bad one. I'm happy to (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
In lugnet.admin.general, Todd Lehman writes: <pw checker, play away... some design notes> Oh, and can you post the rank order list somewhere on the page or something? That is, is Outstanding better or worse than Bravissimo! Thanks. ++Lar (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) A couple questions about its structure...I don't know if you can answer these but it seems like you could maybe: Without giving away any hints about what it was, why did you think it was risky? Did it contain a word? Did it contain a word (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) For one things, it's being a bit too harsh on numeric->alpha conversions like 4->A and 3->E...it should divide the intermediate results by 2 or something internally while computing the score after a transformaion like that. (...) They might be (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) You mean, change from checking !->i to checking both !->i and !->l ? (It does currently check !->i -- did that not work for you in some instance?) (...) Good idea! (...) Lemme see about the above suggestions and then you can try it again later (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) Ah, checked again, it didn't detect "7!" as a mapping for "li", but did detect "7i" as "li". It did reject both passwords though, but it had a lot fewer problems with the "7!" version, and the level changed from "worthless" to "weak". (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) If I even say that I can't answer without giving a hint, that's a hint. Therefore: I can't answer without either giving or not giving away hints as to what it is. :-( ++Lar (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) Inconsistent results. It quite happily failed obvious stuff like "James1" or "Galliard" or "June15", but also missed some glaring ones. For example, it failed my Social Insurance number, but only because it was all from 1 keyboard row. It (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
On Thu, 30 Mar 2000 12:28:05 GMT "Larry Pieniazek" <lar@voyager.net> wrote concerning 'Re: Automated password appraisal (Re: New feature: Article rating)': (...) heh, it might be interesting to see a log of the passwords... though I'm sure that Todd (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) It catches the isomorphic QWERTY instance of this ("q12we34r") but I'd love to add xy-tables for Dvorak and non-US keyboards. Any data pointers? (...) That's a sneaky one! :) (...) Ooh -- I'd better make sure that it dislikes [0-9]+[xX][0-9]+ (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) I could probably write one for hebrew keyboard, if you want... what format do you want it? :) Dan (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) [snip] (...) Very interesting results. It seems to LOVE NASD and NYSE rule numbers: NASD15a-6 got a 252% What is the percentage range that will display? Its very hard to tell what is really good or bad by the percentages that display until you (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) dang... I'm terrible... though, i did find one that got a %507... :) thanks todd, i love this :) (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
On Thu, 30 Mar 2000 16:30:51 GMT "Richard Franks" <spontificus@yahoo.com> wrote concerning 'Re: Automated password appraisal (Re: New feature: Article rating)': (...) heh, my lugnet password came up weak (FAIL)... my personal password came up ok (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) It likes the Uniform Commercial code even better: UCCart8-9 - 368% Excellent However, LUGNETTODD - gets a "terrible" :') (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) How about some of the following? They seem topically weak to me. lg*mnfg - 389% excellent shp@hm8354386 - 236% great m:trn6989 - 272% great Steve (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) I got a 421%, and then a -125%. Very interesting, i might have to switch some of my passwords here now! :) Scott S. (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) Hmmm...not sure how to go about doing this... The way the checker achieves its speed is by looking up all substrings in its dictionary rather than passing every single diciontionary word over all substrings (which could take hours). So, for (...) (25 years ago, 30-Mar-00, to lugnet.admin.general) !
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) Bummer -- that makes me suspect that it really truly is a horrible password then (as you surmised, and pointed out to your coworker). Yet it passed, which makes me nervous. Welp, if you someday are able to convince your coworker that this (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) Try again now. :) (...) It doesn't check for up/down/left/right keyboard shifting, no. (...) It doesn't check for cross-keyboard translations either, no. If I can get my hands on more keyboard xy tables, maybe I can check for these too. (...) (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) I really would love to see how the failure, but it's not work the risk to log them, just as it's not worth the risk to store raw, non-crypted passwords. In the end, this can never be perfect, and I'm sure it will end up accidentally passing (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) I got p@$$\/\/0?oI through it as a 169. Mwhahahahahahaha! Alan (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) I meant to put in p@$$\/\/0roI in, but messed up. p@$$\/\/0roI got a 100% Alan (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) OK, try that again now. Seeing that this site is LEGO-related, it's best to treat "x" and "X" as part of numeric stuff. In fact there are many other things besides 'x' and '=' which are numeric-related. :-o It now very much dislikes numerical (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) I've been playing with the 5 character passwords trying to see how high I can get. So far I've got a 156% (Good). Rob - Rob Farver - mailto:rfarver@rcn.com (2 URLs) (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) OK, try again now. (BOY is this thing getting picky now about numbers and stuff. I hope it's not getting too restrictive. I'll have to stop tinkering at some point soon.) (...) Theoretically infinite in both directions. It's just a number, and (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) OK, try again now. It should dislike the "8-9" part enough to fail it. --Todd (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) Not sure how to detect this...it isn't that terrible anyway, is it? (I can see that it comes from "lego*minifig" but it's still probably strong enough?) (...) Now gives a -1030%. (...) Now gives a 200%. If LEGO sets weren't an issue it would (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
It really likes: fnark-5- (345%) but hates: fnark-5-lego (-104%) Surely that's squiffy? Or is it based on the theory that being able to guess the 'lego' part will make the 'fnark-5-' more obvious? Richard (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) I can say this much. It's not your tests. It's the context. Just like your tests give (hypothetically speaking) Lugnet123 a so so score because Lugnet isn't a word, but we know that lugnet isn't a very good root for a password to lugnet (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) You could make it stricter I think, send out an email warning with a code# to the member, and block access until they have replied. You could either use the code# to automate unblocking the account, or as part of a manual check. The code# (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) It's a side-effect of downrating fluffy portions even though they don't hurt. That is, if you have a wicked strong 8-character pw (call it "X" for short), then even though "Xlego" is no worse than "X", it takes points off for the fluffy part (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) OK, that helps...that's all I need to know...thanks! (...) Yup! (Although "Lugnet" is a word in Swedish, and it finds this. :) (...) Yup! I don't think I'll lose any sleep over it. --Todd (25 years ago, 30-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) I am starting to think that this password checker, in its current form (which I'd like to see left accessable as it IS useful) shouldn't actually block a password. It should tell me that "maybe this isn't a good choice" but it doesn't know (...) (25 years ago, 30-Mar-00, to lugnet.admin.general) !
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) Formulae: e=mc^2 - Great (266%) E=mc^2 - Excellent (303%) e=m*c^2 - Outstanding (556%) E=m*c^2 - Outstanding (594%) Keyboard runs: zdt7cgu9 - Outstanding (491%) zcbmadgj - Outstanding (462%) zfu0xgi- - Outstanding (529%) Software Titles: (...) (25 years ago, 31-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) You might want to add ^ for exponentiation. I just posted a list passwords that passed, including 4 variations of the Theory of Relativity. Rob - Rob Farver - mailto:rfarver@rcn.com (2 URLs) (25 years ago, 31-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) Ah yes! --Todd (25 years ago, 31-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) The way I've done something similar in the past is to create a larger dictionary: create a temp file with all words having their vowels removed, and do the c/k mutations too, if desired. Sort and remove duplicate entries. Finally, merge back (...) (25 years ago, 31-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) OK, so work it backwards, IOW. Cool. That sounds doable, and wouldn't even increase the time it took to evaluate pw's by more than the tiniest percent. (...) Well, if the dictionary grows from 2.7 million to 3.5 million entries, that's OK -- (...) (25 years ago, 31-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) Yum, yum! :-s Well, ya gotta also figure that decreasing the safety margin from 100,000 to 1000 is one thing (bad -- and I don't think that's case here), but decreasing it from, say, eleventeen hundred quintrillion down to fifty-seven (...) (25 years ago, 31-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
Todd Lehman wrote in message ... (...) [0-9]{4} . (...) to (...) longer (...) Waahh, now it hates one of my passwords... Hm, would you consider parametizing some of the things (or is the code something easily portable)? I'd like to check passwords (...) (25 years ago, 31-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) Cool! OK, how about like this: ---...--- QWERTY 0 0 ~!@#$%^&*()_+ 0 0 `1234567890-= 1 1 QWERTYUIOP{}| 1 1 qwertyuiop[]\ 2 1 ASDFGHJKL:" 2 1 asdfghjkl;' 3 1 ZXCVBNM<>? 3 1 zxcvbnm,./ ---...--- TIA! --Todd (25 years ago, 31-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) hmmm... I guess I wasn't thinking when I posted... the english part of the herbew keyboard is exactly the same as the US one... The hebrew part of it, cannot really be expressed in ASCII, so I guess my offer was meaningless... sorry... Unless (...) (25 years ago, 31-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
Frank Filz wrote in message ... (...) appropriate (...) Thought of another reason to allow parameters or options to the checker... Some systems have restrictions on length of password, some systems are not case sensitive, some systems may not allow (...) (25 years ago, 31-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) Sure! If it's not the one at Oxford[1] University, pls. send URL! :) --Todd [1] I always think that looks like a hex number :) (25 years ago, 31-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) ftp://sable.ox.ac.uk...wordlists/ :) Dan (25 years ago, 31-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) LOL... that reminds me. My sis used to use a password for this game we had, she was just 4 and needed something she could remember, when all she knew to write was her name. But she didn't want something SO obvious (never mind that I helped her (...) (25 years ago, 31-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
Wow, your wordlists are just nice. They even knows me and my wife..:-) Selçuk (...) (25 years ago, 31-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) Cool! And thanks for checking! --Todd (25 years ago, 31-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
By the way, for the special characters, it knows what "selcuk" is but doesn't know the "selçuk", which is actually the correct form. Do you want any Turkish wordlists? Selçuk (...) (25 years ago, 31-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) I haven't decoded the ASCII+127 yet on those...sorry. (...) I would love them, if you have any in their native ISO-8859-# encoding. --Todd (25 years ago, 31-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
Larry Pieniazek wrote: <snip> (...) I'm not a guru on the subject by any means, but while an attacker using wordlists and trying to crack a password with bruteforce or something like, I mean, by trial and error, I think any combination of dates are (...) (25 years ago, 31-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) from (...) ALL (...) that (...) numbers (...) This was a hypothetical example. Dates are not actually good passwords, but they're easy to use to demonstrate differences in context. my birthday is a bad password for me (one of the first few (...) (25 years ago, 31-Mar-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) Down the road prolly... Gotta get this cut over ASAP and get the pages stuff finished up... Did it give you enough flexibility that you could find something it liked that you could use? (That's it's only real purpose, even if it happens to be (...) (25 years ago, 1-Apr-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) Yup -- those are the ones from Oxford! Great lists!!! --Todd (25 years ago, 1-Apr-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
Neat Todd! (...) It thinks <({})> is fine 250% and doesn't detect it as a pallindrome even though it is from a human point of view. You might want to add something that recognizes stuff encapsulated within open and close of the same type of (...) (25 years ago, 2-Apr-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) Ouch... it passes @%)^*$, which is a +shift version of my birthdate. Now that's a bad password! Just like it doesn't allow an only numeric sequence, or an only alphabetic sequence, it should not allow an only spec. character sequence. -Shiri (25 years ago, 2-Apr-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) the ~ key (without pressing Shift) Here are the keyboard rows: 0 1 å/-À¶ØÖ¤µ¨¢ª 0 1 +ñòóôÙßõö÷øù 1 1 æäÓ¾ÐÑÕùºţ 1 1 ð"®±¸íê³Ï°,¥ 2 1 ¿Ë¡´àéèÒÊǧ 2 1 Ħ¯â¬çëÉÈ«. 3 1 ¼»áÍÔ×·Áã½ 3 1 ()©ÎÚì?²ÌÆ Might want to take that into consideration... (...) (25 years ago, 2-Apr-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) The checker should equate the following IMHO: |_ L + t < k ~ n \/ V () O or 0 "\/()+eF0rMe" (Vote for Me) for example gives a 788% success rate. "|_uGn3+" which is a complicated way to write "Lugnet" passes with 481% "|_eGoBr|<K5" (LegoBricks) (...) (25 years ago, 2-Apr-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) Okay, what is left?? I am wondering what kind of imagination I will need to generate an acceptable password. So far I have had no problem generating passwords that exceed 300% acceptance, but if the acceptable parameters continue to become (...) (25 years ago, 5-Apr-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
I guess this can be fun. With a bit of tweaking here and there, I just generated a password which returned a 1269% approval rating. Anyone think they can top that? __Kevin Salm__ (25 years ago, 5-Apr-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) the wrong way. "Toy" as in "geek thing to play with" rather than as in "insignificant".) (...) Yes! Several passwords of the form "[l3G0]" (with brackets but without the quotation marks) get an adequate passing grade of ~149%. Try things like (...) (25 years ago, 12-Apr-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) Ugh. "[l3G()]" gets a 506% passing grade. (25 years ago, 12-Apr-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) 1. Can you use https for this? 2. How about a 'passwords submitted aren't logged' privacy statement? Why? 'Cause it's so cool I was instantly tempted into typing in old passwords that I no longer use, and was almost tempted into typing in (...) (25 years ago, 12-Apr-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) What's involved in setting up an https server? I remember reading once upon a time (it must've been about 2 years ago) that it could be kind of a mess, and that connections often took 1 second to authenticate. That would be a problem for (...) (25 years ago, 13-Apr-00, to lugnet.admin.general)
|
|
| | Re: Automated password appraisal (Re: New feature: Article rating)
|
|
(...) It's not too hard. But I forgot; you're using a web hosting place. (Pair?) Depending on what level of service you're paying for, you may already have ssl support. (Or conversely, it may not be an option.) (...) I've not noticed that bad of a (...) (25 years ago, 13-Apr-00, to lugnet.admin.general)
|
|
| | Re: New feature: Article rating
|
|
(...) It's been a month since this was brought up, just about. Any sort of timeline on when we can expect a fix? Reminder, not being able to change passwords means passwords are broken. It's that simple. ++Lar (25 years ago, 21-Apr-00, to lugnet.admin.general)
|
|
| | Re: New feature: Article rating
|
|
(...) It's been far more than that. It was first brought up in November. (...) Likely before the end of April. It's not a crisis situation. (...) Heard you the first 3 times. Agreed twice. --Todd (25 years ago, 21-Apr-00, to lugnet.admin.general)
|