There's also the storage issue. However, creating passwords that contain words from dictionaries doesn't significantly increase the time taken to crack the password. I seem to recall articles posted to this very list covering examples of offline cracking of harvested password hashes. The crackers all have tools that substitute in words from dictionaries.
Cheers Ken From: [email protected] [mailto:[email protected]] On Behalf Of Micheal Espinola Jr Sent: Saturday, 9 August 2014 5:10 PM To: ntsysadm Subject: Re: [NTSysADM] Re: Something to share with your users, so they can see how passwords matter Perhaps you mean that generating them is difficult, but using them is far from impractical. -- Espi On Fri, Aug 8, 2014 at 11:09 PM, Klaus Hartnegg <[email protected]<mailto:[email protected]>> wrote: Am 09.08.2014 um 05:23 schrieb "Michael B. Smith" <[email protected]<mailto:[email protected]>>: you should spend some time learning how Rainbow Tables operate. Rainbow tables don't work at all if the password has sufficient length. They are magic for 8 characters, but impractical for 10 or more.
