Re: Password Cracking

From: Mark H. Wood (mwood@mhw.ULib.IUPUI.Edu)
Date: 01/24/03

From: "Mark H. Wood" <mwood@mhw.ULib.IUPUI.Edu>
Date: Fri, 24 Jan 2003 15:08:48 +0000 (UTC)

Fireglyph <> wrote:
> the randomness involved in the generation process. A password like
> "#A!+Opz/" is as good as "TzPMjkL" if both were generated truly
> randomly, but "Orange" is definitely a weak password.

Good as far as it goes, but please remember that "#A!+Opz/" is a weak
password for an entirely different reason: nobody will even *try* to
learn such a monster by heart. They'll write it on a slip of paper
and take it out to look at it a dozen times a day, and before long a
determined intruder can find out what it is by reading it directly off
the paper.

Eventually one is able to learn even horrible things like "#A!+Opz/"
through sheer repetition. But sites which enforce the use of
hair-raising passwords also tend to limit password lifetime, with the
likely result that nobody ever has time to learn his password by heart
before it is forcibly retired.

Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
MS Windows *is* user-friendly, but only for certain values of "user".

