Re: Password policy.
On Tuesday 13 November 2018 11:23:13 email@example.com wrote:
>_password specifies "6 to 8 characters". Is that adequate against
> currently available brute force?
> Thanks, ... Peter E.
"John the ripper" can find a 6 char word in a couple seconds on a slow
machine. Every char you add multiplies that time by 62 or so depending
on the valid char spec. 52 for upper and lowercase plus 0-9 = 62. Add 13
more if you allow the punctuation on the upper row of keys shifted. I
ran into a supplier site still using 8 chars last summer, and sent them
a 'gram about it, fussing that I won't do business with such a poorly
protected site. I got an email from them the next Tuesday proclaiming
their network guy had expanded the passwd length to 127 chars. I like
20+ chars personally as that would take John about the rest of the time
for the universe to run down to find. But there are better tools for the
specialists at hacking than John. Please keep that in mind.
Cheers, Gene Heskett
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
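
The per-character multiplication described in the reply above, worked through for a "6 to 8 characters" policy. This is an added example, not part of the original message; the guess rate and the one-year target are assumed values chosen for illustration, and the function names are hypothetical.

```python
import math

ALNUM = 62          # upper + lower case + digits, as counted in the message
ALNUM_PUNCT = 75    # plus the 13 shifted top-row punctuation characters

ASSUMED_RATE = 10**9              # guesses per second (assumption, not measured)
ONE_YEAR = 365 * 24 * 3600        # target search time in seconds (assumption)


def keyspace(charset: int, min_len: int, max_len: int) -> int:
    """Candidates an exhaustive search must cover for lengths min_len..max_len."""
    if charset < 2 or not 1 <= min_len <= max_len:
        raise ValueError("need charset >= 2 and 1 <= min_len <= max_len")
    return sum(charset ** n for n in range(min_len, max_len + 1))


def entropy_bits(charset: int, length: int) -> float:
    """Bits of entropy for a uniformly random password of the given length."""
    return length * math.log2(charset)


def worst_case_seconds(charset: int, min_len: int, max_len: int,
                       rate: int = ASSUMED_RATE) -> float:
    """Time to exhaust the whole policy keyspace at the assumed guess rate."""
    return keyspace(charset, min_len, max_len) / rate


def min_length_for(charset: int, target_seconds: float = ONE_YEAR,
                   rate: int = ASSUMED_RATE) -> int:
    """Smallest fixed length whose exhaustive search takes >= target_seconds."""
    budget = math.ceil(rate * target_seconds)   # integer math avoids float overflow
    length = 1
    while charset ** length < budget:
        length += 1
    return length


if __name__ == "__main__":
    for name, size in (("alnum", ALNUM), ("alnum+punct", ALNUM_PUNCT)):
        days = worst_case_seconds(size, 6, 8) / 86400
        print(f"{name:12} 6-8 chars: {keyspace(size, 6, 8):.3e} candidates, "
              f"{days:.1f} days at the assumed rate, "
              f"{entropy_bits(size, 8):.1f} bits at 8 chars, "
              f"min length for one year: {min_length_for(size)}")
```

These figures only hold for passwords chosen uniformly at random; dictionary words and common patterns fall far sooner than the exhaustive-search time suggests.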