I'd be interested in seeing it. > From: "Mark J. Handy" <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > Date: Fri, 22 Mar 2002 12:29:17 -0500 > To: <[EMAIL PROTECTED]> > Subject: RE: [CFTALKTor] password generation > > At the moment, I'm generating a password where the length is determined by a > drop down (4 to 15 characters). Display occurs after it's been validated to > contain at least one number and one letter, so I don't get a password that's > all letters or all numbers. If anyone wants to see the code, I'll post it. > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On > Behalf Of Glenn Shukster > Sent: Friday, March 22, 2002 12:27 PM > To: [EMAIL PROTECTED] > Subject: Re: [CFTALKTor] password generation > > If you wanted to make it even harder for a hacker include at least one > non alpha numeric character like a !. > This will take them longer to hack for it increases the number of > possible combinations. > > [EMAIL PROTECTED] wrote: >> >> Just some insight into the problem, I read an article a few months ago > that >> demonstrated that, by "guessing" with known popular usernames it would on >> average take a hacker less then 5 minutes to guess *someones* password. > If >> at least one user used a dictionary word for their password, then the > hacker >> could be GUARANTEED to be able to guess a user password within 15 minutes. >> >> Once a hacker has gained user access, its usually possible to gain >> administrator/root privileges, because there are frequently local >> utility/application flaws lying around unpatched that can be exploited. >> >> I wish I had snipped the article now to refer to it, but it does not take > to >> much thinking with todays high speed processors and high bandwidth > internet >> connections that such is feasible. >> >> This is not intended to be snippy, but I expect you have never had a > server >> you are responsible for hacked, else you would not be quite so loose with >> password security rules. >> >> Terry Fielder >> Network Engineer >> Great Gulf Homes / Ashton Woods Homes >> [EMAIL PROTECTED] >> >>> -----Original Message----- >>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On >>> Behalf Of [EMAIL PROTECTED] >>> Sent: Friday, March 22, 2002 11:45 AM >>> To: [EMAIL PROTECTED] >>> Subject: [CFTALKTor] password generation >>> >>> >>> How to check for numbers has been answered. I am wondering >>> why you are >>> forcing people to include numbers in their password. >>> >>> Given the number of login situations (including ATMs, etc) >>> any of us have >>> to deal with in out lives ( I have over a dozen for work >>> alone), you have >>> to take into account how many passwords any one person can be >>> expected to >>> memorize. Since the number of login situations will probably >>> exceed the >>> number of passwords anyone can memorize, developers have an >>> option of what >>> they are going to do to their users. >>> >>> You can be mean and include rules for passwords, which increases the >>> liklihood that this particular password will only be useful for one >>> application, and, as such, will less likely to be memorized. >>> Or, you can >>> be have no rules for passwords and let the user look after their own >>> security. >>> >>> For the record, this is one of my pet peeves. >>> >>> ************************************ >>> I'm creating a small util for generating a password, which is >>> working fine. >>> What I'm have trouble doing is checking that the generated password >>> contains at least one number. I'm looking for an quick way to >>> check, rather >>> than checking each character, which could be a problem. >>> >>> >>> >>> >>> - >>> You are subscribed to the CFUGToronto CFTALK ListSRV. >>> This message has been posted by: [EMAIL PROTECTED] >>> To Unsubscribe, Please Visit and Login to http://www.CFUGToronto.org/ >>> Manager: Kevin Towes ([EMAIL PROTECTED]) >> http://www.CFUGToronto.org/ >> This System has been donated by Infopreneur, Inc. >> (http://www.infopreneur.net) >> >> - >> You are subscribed to the CFUGToronto CFTALK ListSRV. >> This message has been posted by: [EMAIL PROTECTED] >> To Unsubscribe, Please Visit and Login to http://www.CFUGToronto.org/ >> Manager: Kevin Towes ([EMAIL PROTECTED]) > http://www.CFUGToronto.org/ >> This System has been donated by Infopreneur, Inc. >> (http://www.infopreneur.net) > > -- > Cheers > Glenn Shukster (Logic Fundamentals Inc.) Thornhill, Ont. Canada > Phone:(905)771-6458 Fax:(905)771-6819 www.logicfundamentals.com > President of TDUG www.tdug.com > - > You are subscribed to the CFUGToronto CFTALK ListSRV. > This message has been posted by: Glenn Shukster <[EMAIL PROTECTED]> > To Unsubscribe, Please Visit and Login to http://www.CFUGToronto.org/ > Manager: Kevin Towes ([EMAIL PROTECTED]) http://www.CFUGToronto.org/ > This System has been donated by Infopreneur, Inc. > (http://www.infopreneur.net) > > - > You are subscribed to the CFUGToronto CFTALK ListSRV. > This message has been posted by: "Mark J. Handy" <[EMAIL PROTECTED]> > To Unsubscribe, Please Visit and Login to http://www.CFUGToronto.org/ > Manager: Kevin Towes ([EMAIL PROTECTED]) http://www.CFUGToronto.org/ > This System has been donated by Infopreneur, Inc. > (http://www.infopreneur.net)
- You are subscribed to the CFUGToronto CFTALK ListSRV. This message has been posted by: Karl Zarudny <[EMAIL PROTECTED]> To Unsubscribe, Please Visit and Login to http://www.CFUGToronto.org/ Manager: Kevin Towes ([EMAIL PROTECTED]) http://www.CFUGToronto.org/ This System has been donated by Infopreneur, Inc. (http://www.infopreneur.net)
