To LUGNET HomepageTo LUGNET News HomepageTo LUGNET Guide Homepage
 Help on Searching
 
Post new message to lugnet.off-topic.debateOpen lugnet.off-topic.debate in your NNTP NewsreaderTo LUGNET News Traffic PageSign In (Members)
 Off-Topic / Debate / 5516
5515  |  5517
Subject: 
 Re: PW validation terms/labels
Newsgroups: 
 lugnet.off-topic.debate
Date: 
 Fri, 5 May 2000 18:30:49 GMT
Viewed: 
 2534 times
  
In lugnet.admin.general, Frank Filz writes:
Perhaps part of the problem is the relative weights attached to various
elements of strength of passwords. I would generally agree that a 4
character password should not be accepted (of course I suspect most of
us have a significant amount of money protected only by our physical
possesion of a plastic card, and a 4 DIGIT password - I at least chose
an 8 digit PIN the one time I was allowed to chose a PIN, but few ATM
systems these days allow anything other than a 4 digit PIN).

For the average person or script kiddle to crack a 4-digit PIN via brute
force, they'd have to:

(1) first actually get someone's card; and then
(2) manually try out up to 10,000 combinations, and IIRC, ATM's are programmed
    to eat cards after a few failed attempts, and they'll probably be on
    videotape too.

For the average person or script kiddle to crack a 4-digit PW on the Internet,
all they need to do is write a tiny script, then sit back and watch it go, all
relatively untraceable if they're being careful.  Even if they're not being
careful, it would still be trivial for them to crack a 4-digit PW or cause a
DoS if service were denied after a few failed attempts.

Unless the cracker works in the banking industry, comparing PINs to PW's is
apples and orange, my friend.  :)

--Todd



Message has 1 Reply:
  Re: PW validation terms/labels
 
(...) (1) is certainly true, (2) is mostly true (there are many ATMs, including ones in stores which can not eat cards, and probably don't alert the cashier to take the card [possibly dangerous if the person using the card is a real criminal]). (...) (25 years ago, 5-May-00, to lugnet.off-topic.debate)

Message is in Reply To:
  Re: PW validation terms/labels
 
(...) Perhaps part of the problem is the relative weights attached to various elements of strength of passwords. I would generally agree that a 4 character password should not be accepted (of course I suspect most of us have a significant amount of (...) (25 years ago, 5-May-00, to lugnet.admin.general, lugnet.off-topic.debate)

309 Messages in This Thread:
(Inline display suppressed due to large size. Click Dots below to view.)
Entire Thread on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact

This Message and its Replies on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact
    
Custom Search

©2005 LUGNET. All rights reserved. - hosted by steinbruch.info GbR