Re: Password Cracking

From: Dave Aronson (spamtrap.secfocus_at_dja.mailme.org)
Date: 09/16/04

  • Next message: Kenton Smith: "RE: Detecting new Windows .jpeg exploit"
    To: security-basics@securityfocus.com
    Date: Wed, 15 Sep 2004 20:02:31 -0400
    
    

    Jonathan Loh <kj6loh@yahoo.com> wrote:

    > One of my fellow sysadmins uses the following: Take any word could
    > be from the dictionary or not. Use 0's, 1's, 5's and so on for
    > letter substitutions.

    Many password crackers use such substitutions. To make total subbing
    (which is what I would guess they try first) not work, what I do is not
    sub for every one. At various times, I have subbed only the first one,
    odd-numbered ones (i.e., 1st, 3rd, 5th, etc.), even-numbered ones, every
    3rd starting with the 2nd, and other patterns. Of course, random would
    probably be a bit better, but makes it much harder to remember....

    ---------------------------------------------------------------------------
    Computer Forensics Training at the InfoSec Institute. All of our class sizes
    are guaranteed to be 12 students or less to facilitate one-on-one
    interaction with one of our expert instructors. Gain the in-demand skills of
    a certified computer examiner, learn to recover trace data left behind by
    fraud, theft, and cybercrime perpetrators. Discover the source of computer
    crime and abuse so that it never happens again.

    http://www.infosecinstitute.com/courses/computer_forensics_training.html
    ----------------------------------------------------------------------------


  • Next message: Kenton Smith: "RE: Detecting new Windows .jpeg exploit"