Re: Password Cracking

From: Mark H. Wood (mwood@mhw.ULib.IUPUI.Edu)
Date: 01/24/03


From: "Mark H. Wood" <mwood@mhw.ULib.IUPUI.Edu>
Date: Fri, 24 Jan 2003 15:08:48 +0000 (UTC)

Fireglyph <fireglyph@gmx.net> wrote:
[snip]
> the randomness involved in the generation process. A password like
> "#A!+Opz/" is as good as "TzPMjkL" if both were generated truly
> randomly, but "Orange" is definitely a weak password.

Good as far as it goes, but please remember that "#A!+Opz/" is a weak
password for an entirely different reason: nobody will even *try* to
learn such a monster by heart. They'll write it on a slip of paper
and take it out to look at it a dozen times a day, and before long a
determined intruder can find out what it is by reading it directly off
the paper.

Eventually one is able to learn even horrible things like "#A!+Opz/"
through sheer repetition. But sites which enforce the use of
hair-raising passwords also tend to limit password lifetime, with the
likely result that nobody ever has time to learn his password by heart
before it is forcibly retired.

-- 
Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
MS Windows *is* user-friendly, but only for certain values of "user".