On Thu, 22 Jul 2004, s. keeling wrote:

> > > I disagree.  A cracking program is going to attempt to match
> > > permutations of dictionary words.  This will not add much more time to


how fast can a cracking system go thru dictionary words that are misspelled 
with various digits and special chars
        - changing o to 0 ( and equivalents ) won't slow down the crackers

        - brute force cracking will take 60**8 permutations (1.7x10**14) :-)
                ( a-z A-Z 0-9 30special chars )
                - a small number of permutations by math standards

        - but NOT all character positions will be special random
        characters which then simplifies the possible permutations

if you can think of these modified passwd, a good cracking program should
already be checking for it too :-)

-- a trick question ... how does the cracker know that they hit the right
   passwd ??
        - they can't be logging into your box for each try
                - your box should be denying remote access after 3-5 
                failed login attempts

        - and hopefully, they don't have the passwd file from /etc/shadow
        to compare against 

> However, if you haven't moved to RSA based longer passwords, that's
> effectively "x[([EMAIL PROTECTED])" (which isn't bad, but you may be typing more than
> is recognized).  Stock passwords are eight chars.  The rest are ignored.

it seems like some systems use more than 8 char pwds and others ignore the
balance ..

c ya
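The keyspace arithmetic in the post above, worked through as an added example (this is not code from the poster or the thread). It counts how many candidates a "dictionary word with o->0 style substitutions" scheme really produces and sets that against a fully random password of the same length, which is the point the post makes about not every position being a random special character. The substitution table, the tiny word list and the guesses-per-second figure are constructed assumptions, not values from the post.

```python
from itertools import product

# Constructed substitution table in the spirit of the post's "o -> 0" example.
# Each letter maps to the variants a substitution-aware guesser would try.
SUBSTITUTIONS = {
    "a": ["a", "A", "@", "4"],
    "e": ["e", "E", "3"],
    "i": ["i", "I", "1", "!"],
    "o": ["o", "O", "0"],
    "s": ["s", "S", "$", "5"],
    "t": ["t", "T", "7"],
}


def options(ch):
    """Distinct characters a guesser would try in place of `ch`."""
    if ch in SUBSTITUTIONS:
        return SUBSTITUTIONS[ch]
    # Letters not in the table: lower and upper case; anything else: itself.
    return sorted({ch, ch.upper()})


def variant_count(word):
    """Number of distinct candidates one dictionary word expands to."""
    n = 1
    for ch in word.lower():
        n *= len(options(ch))
    return n


def variants(word):
    """Yield every substituted form of `word` (the candidates a guesser tries)."""
    for combo in product(*(options(ch) for ch in word.lower())):
        yield "".join(combo)


def dictionary_candidates(words):
    """Total candidates for a whole word list under the substitution scheme."""
    return sum(variant_count(w) for w in words)


def brute_force_keyspace(alphabet_size, length):
    """Candidates for a password where EVERY position is random over the alphabet."""
    return alphabet_size ** length


def seconds_to_exhaust(candidates, guesses_per_second):
    """Wall-clock seconds to try every candidate at a given offline guess rate."""
    return candidates / guesses_per_second


if __name__ == "__main__":
    # Constructed word list; a real guesser would use a far larger one.
    WORDS = ["password", "letmein", "welcome", "monkey"]
    RATE = 1_000_000  # constructed assumption: one million guesses per second

    print("candidates for 'password' with substitutions:", variant_count("password"))
    print("candidates for the 4-word list:", dictionary_candidates(WORDS))
    print("post's figure, 60 symbols x 8 positions:", brute_force_keyspace(60, 8))
    for name, n in (("substituted word list", dictionary_candidates(WORDS)),
                    ("60**8 brute force", brute_force_keyspace(60, 8))):
        print(f"{name}: {seconds_to_exhaust(n, RATE):.1f} s at {RATE} guesses/s")
```

The contrast is the whole lesson: the substitution scheme multiplies a word by a few thousand at most, while every random position multiplies the keyspace by the full alphabet size, so 60**8 is out of reach at the assumed rate and a substituted word list is exhausted in well under a second.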


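The post's advice that a box should deny remote access after 3-5 failed logins, as an added detection example (not code from the poster): it scans sshd "Failed password" lines, counts failures per source address inside a time window, and returns the sources that have crossed the threshold, which is what a lockout or alerting rule keys on. The log lines below are constructed sample data in the standard OpenSSH syslog format; the host name, addresses and window length are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches the OpenSSH auth-log line for a failed password attempt.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)

# Constructed sample log: one source hammering root/admin, one user fat-fingering.
SAMPLE_LOG = """\
Jul 22 10:01:02 bastion sshd[4711]: Failed password for root from 10.0.0.5 port 40122 ssh2
Jul 22 10:01:05 bastion sshd[4712]: Failed password for root from 10.0.0.5 port 40123 ssh2
Jul 22 10:01:07 bastion sshd[4713]: Failed password for invalid user admin from 10.0.0.5 port 40124 ssh2
Jul 22 10:01:09 bastion sshd[4714]: Failed password for root from 10.0.0.5 port 40125 ssh2
Jul 22 10:01:12 bastion sshd[4715]: Failed password for root from 10.0.0.5 port 40126 ssh2
Jul 22 10:02:00 bastion sshd[4720]: Failed password for alice from 10.0.0.9 port 51000 ssh2
Jul 22 10:02:30 bastion sshd[4721]: Accepted password for alice from 10.0.0.9 port 51001 ssh2
Jul 22 10:45:00 bastion sshd[4790]: Failed password for alice from 10.0.0.9 port 51002 ssh2
Jul 22 10:45:01 bastion CRON[5000]: (root) CMD (run-parts /etc/cron.hourly)
""".splitlines()


def parse_failures(lines):
    """Return {source_ip: [datetime, ...]} for every failed-password line."""
    failures = defaultdict(list)
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins and unrelated daemons are ignored
        # Syslog timestamps carry no year; differences within one run are still correct.
        when = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
        failures[m.group("src")].append(when)
    return failures


def failures_by_source(lines):
    """Plain per-source failure counts, regardless of timing."""
    return {src: len(times) for src, times in parse_failures(lines).items()}


def sources_to_lock(lines, threshold=5, window_seconds=60):
    """Sources with at least `threshold` failures inside any `window_seconds` span."""
    flagged = []
    for src, times in parse_failures(lines).items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            span = (times[i + threshold - 1] - times[i]).total_seconds()
            if span <= window_seconds:
                flagged.append(src)
                break
    return sorted(flagged)


if __name__ == "__main__":
    print("failures per source:", failures_by_source(SAMPLE_LOG))
    print("lock (5 in 60 s):", sources_to_lock(SAMPLE_LOG, threshold=5, window_seconds=60))
    print("lock (2 in 10 min):", sources_to_lock(SAMPLE_LOG, threshold=2, window_seconds=600))
```

The window matters as much as the count: alice's two failures are 43 minutes apart and should not trip a 3-5 attempt rule, while five failures in ten seconds from one address is exactly the online guessing the post says the box must refuse.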