On Friday 21 June 2002 08:07 pm, [EMAIL PROTECTED] wrote:
> > It is worthwhile to note that as a brute-force cracking tool, LC3 is
> > going through all the possible password permutations within the
> > searchspace regardless of case of the letters therein. Indeed, if the
> > attacker can limit the searchspace to all passwords containing only
> > lowercase alphanumerics,
>
> This actually surprises me. I would expect that most attackers would try a
> dictionary and simple permutation scan first, and I would have expected
> that most brute-force cracking tools would start with the 'easy' scans
> (lower case only, lower case and numbers, mixed case and numbers) before
> attempting the 500-times harder scan through every possible character.
> Either my numbers are wrong, your understanding of l0phtcrack is wrong, or
> the guys at l0pht are stupid! I have to look into this!!
In this case, it would seem that the second assertion is the accurate one.
