On Feb 22, 2006, at 9:39 PM, Joe Huber wrote:
Unless the attacker knows that the system is case-insensitive, the
mean time to break-in will be the same since they will still test
passwords of all case.
Huh???
If passwords are case insensitive, there are a lot more character
patterns that will match the password, and hence a much higher
probablility that one of those patterns will be hit (thus cracked)
before precisely matching the case sensitive password.
Whoops, duh. My mistake.
Adam
_______________________________________________
Unsubscribe or switch delivery mode:
<http://www.realsoftware.com/support/listmanager/>
Search the archives of this list here:
<http://support.realsoftware.com/listarchives/lists.html>
