password strength checking not consistently implemented
Gary W. Swearingen
underway at comcast.net
Fri Aug 15 09:30:07 PDT 2003
Terry Lambert <tlambert2 at mindspring.com> writes:
> Without the strength checking on the password change, I have to
> reexpand my search space to the entire search space, and it takes
> a lot longer to crack passwords.
...
> Thanks,
> A. Hacker
I'd think that that would depend on the people choosing passwords and
whether the cracker is going after one particular user or just any one
of many. I'd expect it, on average, to take a lot less long if you
start your search well: "password", "drowssap", etc.
(I guess it makes sense that "A. Hacker" WOULD try to discourage
password strength checking. :)
This reminds me of the guy who insisted on setting his lock with truly
random numbers and his truly random number generator spit out 0, 0, 0
(or whatever the factory default was).
More information about the freebsd-chat
mailing list