RE: AOL passwords / crypt() and online brute forcing
From: Fab Siciliano (fsiciliano@optiumcorp.com)Date: 05/01/02
- Previous message: Ken Ludeman: "RE: Wlan @ bestbuy is cleartext?"
- In reply to: gotcha: "Re: AOL passwords / crypt() and online brute forcing"
- Next in thread: gotcha: "Re: AOL passwords / crypt() and online brute forcing"
- Next in thread: TUTTLE, TERESA A (SBCSI): "RE: AOL passwords"
- Reply: gotcha: "Re: AOL passwords / crypt() and online brute forcing"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Fab Siciliano" <fsiciliano@optiumcorp.com> To: <vuln-dev@securityfocus.com> Date: Wed, 1 May 2002 16:43:17 -0400
They can. The 1 is changing to a 2.
> -----Original Message-----
> From: gotcha [mailto:fmu@hushmail.com]
> Sent: Wednesday, May 01, 2002 4:39 PM
> To: Erik Parker
> Cc: vuln-dev@securityfocus.com
> Subject: Re: AOL passwords / crypt() and online brute forcing
>
>
> On Wed, May 01, 2002 at 12:20:44PM -0500, Erik Parker wrote:
> > if you take the 94 displayable ascii characters.. and do
> 94^8 you have
> > a possible 6,095,689,385,410,816.. So about 6 quadrillion
> passwords
> > to try..
>
> i think that's not the issue. the real problem is that people
> think they can block access by changing a password from
> foobar111 to foobar123.
>
> --gotcha
>
- Previous message: Ken Ludeman: "RE: Wlan @ bestbuy is cleartext?"
- In reply to: gotcha: "Re: AOL passwords / crypt() and online brute forcing"
- Next in thread: gotcha: "Re: AOL passwords / crypt() and online brute forcing"
- Next in thread: TUTTLE, TERESA A (SBCSI): "RE: AOL passwords"
- Reply: gotcha: "Re: AOL passwords / crypt() and online brute forcing"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
