Re: Password Security
- From: "Donnie" <queyosepa@xxxxxxxxxxxxxx>
- Date: Tue, 24 Jan 2006 02:38:05 GMT
>
> If an attacker can "try" one per second, on average, then it will take
> about 7 million years. (6.9e6) (Yes, as other commentators said, you
> really are looking at the 50/50. So divide all my results by 2 if you
must)
>
##############################################
Here are some passwds for servers running Front Page (right column).
test (iqstech)
pdgt ( rkm)
4210 ( esven)
rules (ahold)
Look how weak they are It took John The Ripper about 4 minutes to crack
them. That's 4 out of 31 in the file that I created.
I'll let JTR run on the file for no more than 2 days at the most. Noone in
their right mind is going to spend months trying to crack them unless it's
one company trying to find out what their competitor is doing or something
else that might mean a lot of money and if it means that much, I'm sure they
will look for another way to enter. The point is that it's just not
necessary to ANALyse passwds that much. If you force your users to go w/
the 8 mixed characters or more or as someone said, use phrases, that's the
end of the story. BTW, if you're using front page, make sure that
/_vti_pvt/service.pwd is not readable.
donnie
.
- References:
- Password Security
- From: Joseph
- Re: Password Security
- From: John Hyde
- Password Security
- Prev by Date: Re: Malicious programs that are installed via HTML.
- Next by Date: Re: I zap Google cookies but it tracks me by IP - what else?
- Previous by thread: Re: Password Security
- Next by thread: Re: Password Security
- Index(es):
Relevant Pages
|
