Subject:
|
Re: Automated password appraisal (Re: New feature: Article rating)
|
Newsgroups:
|
lugnet.admin.general
|
Date:
|
Fri, 31 Mar 2000 12:09:33 GMT
|
Viewed:
|
4601 times
|
| |
|
|
In lugnet.admin.general, Selçuk Göre writes:
>
>
> Larry Pieniazek wrote:
>
> <snip>
>
> > Then my birthday is a not very good password FOR ME because it's guessable • from
> > context, my birthday is easily obtainable. But it's not a bad password at • ALL
> > for Ed Jones, who has no explicit connection to me that anyone knows of,
> > because it's just a random string of dates and slashes. It has no meaning • that
> > an attacker can guess and so is as strong as any other random string of • numbers
>
> I'm not a guru on the subject by any means, but while an attacker using
> wordlists and trying to crack a password with bruteforce or something
> like, I mean, by trial and error, I think any combination of dates are
> just easy cakes. for a format of mm/dd/yy, there are only 36500
> possibilities for a 100 year period, for example. Just a thought..:-)
This was a hypothetical example. Dates are not actually good passwords, but
they're easy to use to demonstrate differences in context. my birthday is a bad
password for me (one of the first few things to check if you know me) but not
nearly as bad for someone else (because it takes brute force, although as you
say, not much)
++Lar
|
|
Message is in Reply To:
309 Messages in This Thread:
(Inline display suppressed due to large size. Click Dots below to view.)
- Entire Thread on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
|
|
|
|
