cracking - Re: See what a weak password will get ya?
On Thu, 22 Jul 2004, s. keeling wrote:
> > > I disagree. A cracking program is going to attempt to match
> > > permutations of dictionary words. This will not add much more time to
...
how fast can a cracking system go thru dictionary words that are misspelled
with various digits and special char
  - changing o to 0 ( and equivalents ) won't slow down the crackers
  - brute force cracking will take 60**8 permutations (1.7x10**14) :-)
    ( a-z A-Z 0-9 30special chars )
    - a small number of permutations by math standards
    - but NOT all character positions will be special random
      characters which then simplifies the possible permutations

if you can think of these modified passwd, a good cracking program should
already be checking for it too :-)

-- a trick question ... how does the cracker know that they hit the right
passwd ??
  - they can't be logging into your box for each try
  - your box should be denying remote access after 3-5
    failed login attempts
  - and hopefully, they don't have the passwd file from /etc/shadow
    to compare against
> However, if you haven't moved to RSA based longer passwords, that's
> effectively "x[(P@s$)" (which isn't bad, but you may be typing more than
> is recognized). Stock passwords are eight chars. The rest are ignored.
it seems like some systems use more than 8char pwd and others ignore the
balance ..
c ya
alvin
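Added example, not part of the message above: a password-quality check that combines the two points raised in the thread, that look-alike substitutions reduce straight back to dictionary words and that an 8-character scheme ignores everything past the 8th character. The wordlist, the substitution table and the function names are assumptions made for this sketch.

```python
import string

# Constructed sample wordlist (assumption); a real audit loads a full dictionary.
WORDLIST = {"password", "letmein", "monkey", "debian", "welcome"}

# Look-alike substitutions mapped back to the letters they stand in for.
DELEET = str.maketrans("0134578@$!", "oleastbasi")

LEGACY_LIMIT = 8  # the thread's "stock" scheme: chars past the 8th are ignored


def effective(password, legacy=True):
    """Return the part of the password the hashing scheme actually uses."""
    return password[:LEGACY_LIMIT] if legacy else password


def dictionary_base(password):
    """Return the wordlist entry this password reduces to, or None."""
    lowered = password.lower()
    # Try the whole string, then with leading/trailing digits and symbols removed.
    trimmed = lowered.strip(string.digits + string.punctuation)
    for candidate in (lowered, trimmed):
        word = candidate.translate(DELEET)
        if word in WORDLIST:
            return word
    return None


def audit(password, legacy=True):
    """Report what is actually hashed and whether it is a disguised word."""
    used = effective(password, legacy)
    return {
        "used": used,
        "ignored": len(password) - len(used),
        "base_word": dictionary_base(used),
    }


if __name__ == "__main__":
    # Constructed sample passwords, plus the one quoted in the thread.
    for pw in ("p@$$w0rd", "M0nk3y!", "p@$$w0rdX9#kLm2", "x[(P@s$)"):
        for legacy in (True, False):
            print(pw, "8-char" if legacy else "full-length", audit(pw, legacy))
```

The third sample is 15 characters long, yet under the 8-character limit only "p@$$w0rd" is hashed, so it is rejected as a disguised dictionary word.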