 | | Crossword question
|
|
Todd: I just got a chance to read about the engine behind the Crossword puzzle. Very very powerful and sophisticated, but also, apparently, commercial software. How does this square with the LUGNET philosophy? I thought you didn't want to use any (...) (26 years ago, 26-Sep-00, to lugnet.admin.general)
|
| |
| | Re: LUGNET Memberships
|
|
"Todd Lehman" <lehman@javanet.com> wrote in message news:G1HDIu.J6p@lugnet.com... (...) other (...) I (...) So ... are you going to tell us what is going to happen nine months from now or just leave us hanging? IMHO, the password checker and system (...) (26 years ago, 26-Sep-00, to lugnet.people, lugnet.admin.general)
|
| |
| | Re: LUGNET Memberships
|
|
(...) Imagine it is all you *can* do, as Todd didn't actually do the typing, he said he got lists of words readily available from the 'net that are made available (by whom?) to aid in building stronger password checkers. (and also to aid in building (...) (26 years ago, 26-Sep-00, to lugnet.people, lugnet.admin.general)
|
| |
| | Re: Password checks (was: Re: LUGNET Memberships)
|
|
(...) A solution to this could be to do the following: - when someone asks for a password reset, create a new password for them, put it in the list, also put it in a special "reset account" password file (along with the ID). - when the user receives (...) (26 years ago, 26-Sep-00, to lugnet.people, lugnet.admin.general)
|
| |
| | Re: Password crack detection and slowing (was: Re: LUGNET Memberships)
|
|
(...) Oh! One other thing, duh. An advantage this has over pure semaphores or mutexes is that, since it has a sort of "memory" about how many times an IP address has recent sent a failure, it could easily respond with immediate 403 errors (upon (...) (26 years ago, 26-Sep-00, to lugnet.admin.general, lugnet.off-topic.geek)
|
| |
| | Re: LUGNET Memberships
|
|
(...) FTP standard ASCII text document, one word per line. Convert to ISO-8859-1 if necessary (character-based search & replace, quick). Feed to indexer via pipe. Walk away, sip coffee, come back later, it's all done. No typing. --Todd (26 years ago, 26-Sep-00, to lugnet.people, lugnet.admin.general)
|
| |
| | Password crack detection and slowing (was: Re: LUGNET Memberships)
|
|
(...) I've been thinking about this more tonight, and reading a bit about SysV semaphores, but I don't have experience with them and I'm finding the docs confusing, especially where Perl is concerned. Anyway, upon further reflection, I wonder if (...) (26 years ago, 26-Sep-00, to lugnet.admin.general, lugnet.off-topic.geek)
|
| |
| | Re: LUGNET Memberships
|
|
(...) ^^^...^^^ Ouch! I can only imagine the time it took you to key all that data in. (26 years ago, 26-Sep-00, to lugnet.people, lugnet.admin.general)
|
| |
| | Re: LUGNET Memberships
|
|
(...) That's a problem. It does fail too many good pw's, partially because it tries to be too clever in transmogrifications and 20 different language lookups in its dictionary of 3 million words. (It was just as easy to put in that many as it was to (...) (26 years ago, 26-Sep-00, to lugnet.people, lugnet.admin.general)
|
| |
| | Re: LUGNET Memberships
|
|
(...) Yup, it's a serious system. Most systems don't take pw issues seriously. (...) We'll see how many people find it funny nine months from now. --Todd (26 years ago, 26-Sep-00, to lugnet.people, lugnet.admin.general)
|
| |
| | Re: LUGNET Memberships
|
|
(...) I'm amazed on how complex and sophisticated the Lugnet password system is. There are the password suggestions, Password strength analyzer which even includes an internal dictionary and gives you the CPU time that it took to analyze the (...) (26 years ago, 26-Sep-00, to lugnet.people, lugnet.admin.general)
|
| |
| | Re: LUGNET Memberships
|
|
(...) My old bank (US Trust) used my social security number + PIN for phone access to my account. Eep. (26 years ago, 26-Sep-00, to lugnet.people, lugnet.admin.general)
|
| |
| | Re: Password checks (was: Re: LUGNET Memberships)
|
|
(...) No that would work, I wrote down the password you sent me and the two new ones I chose and they are pretty memorable, I hope. Implement something that generates a new password AND wipes out ALL the old ones in one fell swoop. Then send me the (...) (26 years ago, 26-Sep-00, to lugnet.people, lugnet.admin.general)
|
| |
| | Re: Password checks (was: Re: LUGNET Memberships)
|
|
(...) I didn't plan for that. In the beginning, I honestly didn't think that anyone would ever forget their password (or at least not have it written down somewhere that they could find it). I'll have to come up with something. Since the pw's are (...) (26 years ago, 26-Sep-00, to lugnet.people, lugnet.admin.general)
|
| |
| | Re: Password checks (was: Re: LUGNET Memberships)
|
|
(...) But doesn't that make somebody have to log in again if they use *any* kind of non-static-IP connection -- i.e., a typical dial-up or DHCP connection -- and not limited only to shared proxy servers? If they're on a typical ISP dial-up PPP (...) (26 years ago, 26-Sep-00, to lugnet.people, lugnet.admin.general)
|
| |
| | Re: Password checks (was: Re: LUGNET Memberships)
|
|
(...) As is mine. Todd has one opinion of where that is. Some people think it is too strict. Some are happy. I wonder if any think it is too lenient? (...) I know it is affecting me. Todd sent me a new password and I set two more that hopefully I (...) (26 years ago, 26-Sep-00, to lugnet.people, lugnet.admin.general)
|
| |
| | Re: Password checks (was: Re: LUGNET Memberships)
|
|
(...) The BrickShelf uses the cookie returned *and* the ip address that the cookie was issued to for reauthenticate login. Nobody has complained about loosing login yet via multiple proxies (i.e. aol). Also, cookies can be made *much* more difficult (...) (26 years ago, 25-Sep-00, to lugnet.people, lugnet.admin.general)
|
| |
| | Password checks (was: Re: LUGNET Memberships)
|
|
(...) (URL) [...] On the other hand, a server could probably get around that by (...) I'm very tempted to head in that direction. Even not relaxing the strictness of the validator, I think it would be wise. (...) Cooking hacking is the logical place (...) (26 years ago, 25-Sep-00, to lugnet.people, lugnet.admin.general)
|
| |
| | Re: LUGNET Memberships
|
|
(...) Um, yes I know that. It's also possible to generate "human random" dictionaries that speed up brute force of "strong" passwords where users are forced within certain limits. BTW, I wonder what the keyspace is of all (8 chars and less as (...) (26 years ago, 25-Sep-00, to lugnet.people, lugnet.admin.general)
|
| |
| | FAQ group - not on main page
|
|
Hi Todd, I was looking the other day on the main lugnet page (www.lugnet.com) and realized there is no direct link to the FAQ group (news.lugnet.com/faq/). Ouch. I mean, people can't ask questions if they don't know where to ask them... Ideally, (...) (26 years ago, 25-Sep-00, to lugnet.admin.general)
|
