[WEB SECURITY] Passwords : include a space

Jeff Robertson jeff.robertson at gmail.com
Mon Jan 28 17:10:07 EST 2008


On Jan 28, 2008 4:40 PM, Paul Schmehl <pauls at utdallas.edu> wrote:
> >
> > (Example: yellow banana)
> >
>
> The example you give would be cracked in a few minutes using a modern machine
> and a good cracker (e.g. John the Ripper).  It would be far better to use
> Ye11oW B at nAn@.

But how much better is that really? A cracker should be able to
translate its entire wordlist to 1337 speak just as well as a human
user can.

I had always assumed that password complexity rules were about
brute-force login attempts, not about cracking.

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



More information about the websecurity mailing list