[WEB SECURITY] Passwords : include a space

Cave Crickett crickett at gmail.com
Mon Jan 28 17:44:07 EST 2008


What scares me most about passwords is that people use the same ones on
trusted and untrusted systems.  So not only do I need strong passwords, I
need unique ones for each site / system I access. This gets WAY tedious VERY
fast.

G



On Jan 28, 2008 3:10 PM, Jeff Robertson <jeff.robertson at gmail.com> wrote:

> On Jan 28, 2008 4:40 PM, Paul Schmehl <pauls at utdallas.edu> wrote:
> > >
> > > (Example: yellow banana)
> > >
> >
> > The example you give would be cracked in a few minutes using a modern
> machine
> > and a good cracker (e.g. John the Ripper).  It would be far better to
> use
> > Ye11oW B at nAn@.
>
> But how much better is that really? A cracker should be able to
> translate its entire wordlist to 1337 speak just as well as a human
> user can.
>
> I had always assumed that password complexity rules were about
> brute-force login attempts, not about cracking.
>
>
> ----------------------------------------------------------------------------
> Join us on IRC: irc.freenode.net #webappsec
>
> Have a question? Search The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/
>
> Subscribe via RSS:
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>
>


-- 
Greg Bosen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20080128/a16dd8eb/attachment.html>


More information about the websecurity mailing list