Subject:
|
Re: Automated password appraisal (Re: New feature: Article rating)
|
Newsgroups:
|
lugnet.admin.general
|
Date:
|
Wed, 12 Apr 2000 22:45:48 GMT
|
Viewed:
|
3855 times
|
| |
|
|
In lugnet.admin.general, Susan Hoover wrote:
> In lugnet.admin.general, Todd Lehman wrote:
>
> > In lugnet.admin.general, Todd Lehman writes:
> > > [...]
> > > I'll put this password thingy up on a webpage for people to try
> > > out, maybe later tonight. If we can all agree that it does a
> > > good job of weeding out bad passwords, then I'll put it into
> > > place for where you can actually change your own password.
> >
> > OK, here it is:
> >
> > http://www.lugnet.com/people/members/pwsa/
>
> What a neat tool! (Almost said "toy", but some people might take it
> the wrong way. "Toy" as in "geek thing to play with" rather than as
> in "insignificant".)
>
> > First important question:
> >
> > Are there any bad passwords which this fails to reject? (If it
> > rejects a seemingly good password, that's not necessarily a
> > problem. Failing to reject a bad password is a far more serious
> > problem.)
>
> Yes! Several passwords of the form "[l3G0]" (with brackets but
> without the quotation marks) get an adequate passing grade of ~149%.
> Try things like !Ll1 for the L, 3E for E, G6 for G, 0O or the ()
> pair for O.
Ugh. "[l3G()]" gets a 506% passing grade.
--
Susan Hoover
Houston, TX
|
|
Message is in Reply To:
309 Messages in This Thread:
(Inline display suppressed due to large size. Click Dots below to view.)
- Entire Thread on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
|
|
|
|
