RE: AOL passwords / crypt() and online brute forcing

From: Fab Siciliano (fsiciliano@optiumcorp.com)
Date: 05/01/02


From: "Fab Siciliano" <fsiciliano@optiumcorp.com>
To: <vuln-dev@securityfocus.com>
Date: Wed, 1 May 2002 16:43:17 -0400

They can. The 1 is changing to a 2.

> -----Original Message-----
> From: gotcha [mailto:fmu@hushmail.com]
> Sent: Wednesday, May 01, 2002 4:39 PM
> To: Erik Parker
> Cc: vuln-dev@securityfocus.com
> Subject: Re: AOL passwords / crypt() and online brute forcing
>
>
> On Wed, May 01, 2002 at 12:20:44PM -0500, Erik Parker wrote:
> > if you take the 94 displayable ascii characters.. and do 94^8 you have
> > a possible 6,095,689,385,410,816.. So about 6 quadrillion passwords
> > to try..
>
> i think that's not the issue. the real problem is that people
> think they can block access by changing a password from
> foobar111 to foobar123.
>
> --gotcha
>


