[WEB SECURITY] Passwords : include a space

bugtraq at cgisecurity.net bugtraq at cgisecurity.net
Mon Jan 28 17:19:48 EST 2008


John the Ripper does have l33tspe4k mutation modules available so not adding much protection here.

- Robert
http://www.cgisecurity.com/
http://www.qasec.com/
http://www.webappsec.org/

> 
> On Jan 28, 2008 4:40 PM, Paul Schmehl <pauls at utdallas.edu> wrote:
> > >
> > > (Example: yellow banana)
> > >
> >
> > The example you give would be cracked in a few minutes using a modern machine
> > and a good cracker (e.g. John the Ripper).  It would be far better to use
> > Ye11oW B at nAn@.
> 
> But how much better is that really? A cracker should be able to
> translate its entire wordlist to 1337 speak just as well as a human
> user can.
> 
> I had always assumed that password complexity rules were about
> brute-force login attempts, not about cracking.
> 
> ----------------------------------------------------------------------------
> Join us on IRC: irc.freenode.net #webappsec
> 
> Have a question? Search The Web Security Mailing List Archives: 
> http://www.webappsec.org/lists/websecurity/
> 
> Subscribe via RSS: 
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
> 


----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



More information about the websecurity mailing list