Horst Herb <[EMAIL PROTECTED]> wrote:

> Most passwords that users can memorize can be effectively brute force cracked
> too - provided it is possible to extract the password hash against which
> brute force attempts can be compared.

Yup, here is a popular press article from a few months ago which covers just this topic:

http://www.smh.com.au/news/security/code-cracking-is-the-new-pot-of-gold/2006/09/18/1158431640596.html

or http://tinyurl.com/qvkse

The article notes that recent versions of Adobe Acrobat which use 128-bit keys are not vulnerable to this form of "pre-computed hash table lookup" attack. They are still vulnerable to password guessing attacks, though, in which likely shorter passwords are tried (starting with words in the dictionary, plus lists of names, and then systematically varying the case of the letters and adding or substituting numbers). But such attacks are also infeasible provided your password is long enough and not readily guessable.

It is possible to memorise passwords in the form of a series of unrelated words, ideally interspersed with random numbers and with mixed upper and lower case. However, such passwords need to have six or more words in them, and hence they are quite tedious to type over and over again, even if they can be quite easily remembered.

Tim C

_______________________________________________
Gpcg_talk mailing list
[email protected]
http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
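
Added example, not part of the original message: a defender-side check that flags passwords reducible to a dictionary word by undoing the variations described above (case changes, added or substituted digits), and computes the search space of a random-word passphrase. The word list, the substitution table and the 7776-word list size are assumptions chosen for illustration.

```python
import math
import re

# Constructed sample list; a real check would load a full dictionary plus name lists.
WORDS = {"password", "dragon", "sydney", "doctor", "michael", "summer"}

# Assumed table of common character-for-letter substitutions, undone before lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

MIN_WORDS = 6  # the message's threshold for a word-based passphrase


def base_word(password):
    """Return the dictionary word a password was derived from, or None."""
    lowered = password.lower()                    # undo case variation
    stripped = re.sub(r"^\d+|\d+$", "", lowered)  # undo added leading/trailing digits
    for candidate in (lowered, stripped,
                      stripped.translate(LEET),   # undo substitutions after stripping
                      lowered.translate(LEET)):   # or treat every digit as a letter
        if candidate in WORDS:
            return candidate
    return None


def passphrase_bits(n_words, wordlist_size, n_digits=0):
    """Bits of search space for uniformly random words plus random digits."""
    return n_words * math.log2(wordlist_size) + n_digits * math.log2(10)


def assess(password):
    """Classify a candidate password as 'reject', 'accept' or 'review'."""
    if base_word(password) is not None:
        return "reject"   # a dictionary word with case/digit variations
    parts = [p for p in re.split(r"[^A-Za-z]+", password) if p]
    if len(parts) >= MIN_WORDS:
        # Word count only: this cannot tell whether the words were chosen at random.
        return "accept"
    return "review"       # not a dictionary variant, but short


if __name__ == "__main__":
    for pw in ("Dragon2006", "P4ssw0rd",
               "correct 7 Horse battery 42 staple Cloud river"):
        print(f"{pw!r}: {assess(pw)}")
    print(f"6 words from a 7776-word list: {passphrase_bits(6, 7776):.1f} bits")
```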
