To LUGNET HomepageTo LUGNET News HomepageTo LUGNET Guide Homepage
 Help on Searching
 
Post new message to lugnet.admin.generalOpen lugnet.admin.general in your NNTP NewsreaderTo LUGNET News Traffic PageSign In (Members)
 Administrative / General / 5731
5730  |  5732
Subject: 
Re: Automated password appraisal (Re: New feature: Article rating)
Newsgroups: 
lugnet.admin.general
Date: 
Thu, 30 Mar 2000 17:15:57 GMT
Highlighted: 
(details)
Viewed: 
3996 times
  
Todd:

   http://www.lugnet.com/people/members/pwsa/

First important question:

   Are there any bad passwords which this fails to reject?  (If it rejects
   a seemingly good password, that's not necessarily a problem.  Failing to
   reject a bad password is a far more serious problem.)

Grasp your French MacKeyboard. Start with the 'a' (upper
left letter), next you go one up to the '&', then you go one
right to 'é', one down to 'z', one right to 'e', one up to
'"' (double quote), one left to ''' (single quote), and
finally one down to 'r'.

   a&éze"'r

is a very easy to type password (and maybe I shouldn't have
revealed it here).

Second important question:

   Are there words that you can think of which this fails to detect as
   potential weaknesses?  (Try to stump it!)

Legoland translated one row down and slightly to the left
(on a US MacKeyboard) is

   <svk,` x

which isn't all that bad a password.

I don't know if this really is a bad password, but I
couldn't resist trying it:

   2x4=3001

Another lost password choosing algorithm :-(

Non-English words containing characters outside of the strict 7-bit ASCII
character set are not yet handled (detected) properly.  This is because the
original word lists for those languages encoded these non-ASCII extended
characters using double-byte sequences which I haven't yet figured out how
to decode.  (Some are simple and obvious, for example :a for umlaut-a, or
/o for slash-o, but others, like curly braces and angle brackets, are still
mystifying.  There was no decoding documentation available with the source
files (or else I missed it somehow) but if a few people are willing to have
a look at a few examples in each language, we can probably figure it out
pretty quickly.  (I'll double-check again for decoding docs first.)

I wouldn't mind having a look. I don't know if you have a
copy of "my" wordlists [1,2].

Play well,

Jacob

1) <URL: http://www.sslug.dk/locale/ispell/autobuild/ >
2) <URL: http://hugin.ldraw.org/ifaroese/autobuild/ >

------------------------------------------------------------
--  E-mail:               sparre@cats.nbi.dk              --
--  Web...:       <URL: http://www.ldraw.org/FAQ/ >       --
------------------------------------------------------------



Message has 2 Replies:
  Re: Automated password appraisal (Re: New feature: Article rating)
 
(...) It catches the isomorphic QWERTY instance of this ("q12we34r") but I'd love to add xy-tables for Dvorak and non-US keyboards. Any data pointers? (...) That's a sneaky one! :) (...) Ooh -- I'd better make sure that it dislikes [0-9]+[xX][0-9]+ (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)  
  Re: Automated password appraisal (Re: New feature: Article rating)
 
(...) OK, try that again now. Seeing that this site is LEGO-related, it's best to treat "x" and "X" as part of numeric stuff. In fact there are many other things besides 'x' and '=' which are numeric-related. :-o It now very much dislikes numerical (...) (25 years ago, 30-Mar-00, to lugnet.admin.general)  

Message is in Reply To:
  Re: Automated password appraisal (Re: New feature: Article rating)
 
(...) OK, here it is: (URL) summary: Type in a password and it tells you "pass" or "fail". First important question: Are there any bad passwords which this fails to reject? (If it rejects a seemingly good password, that's not necessarily a problem. (...) (25 years ago, 30-Mar-00, to lugnet.admin.general) !! 

309 Messages in This Thread:
(Inline display suppressed due to large size. Click Dots below to view.)
Entire Thread on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact

This Message and its Replies on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact
    

Custom Search

©2005 LUGNET. All rights reserved. - hosted by steinbruch.info GbR