Re: Password Cracking

From: Mark H. Wood (mwood@mhw.ULib.IUPUI.Edu)
Date: 01/24/03

From: "Mark H. Wood" <mwood@mhw.ULib.IUPUI.Edu>
Date: Fri, 24 Jan 2003 15:08:48 +0000 (UTC)

Fireglyph <> wrote:
> the randomness involved in the generation process. A password like
> "#A!+Opz/" is as good as "TzPMjkL" if both were generated truly
> randomly, but "Orange" is definitely a weak password.

Good as far is it goes, but please remember that "#A!+Opz/" is a weak
password for an entirely different reason: nobody will even *try* to
learn such a monster by heart. They'll write it on a slip of paper
and take it out to look at it a dozen times a day, and before long a
determined intruder can find out what it is by reading it directly off
the paper.

Eventually one is able to learn even horrible things like "#A!+Opz/"
through sheer repetition. But sites which enforce the use of
hair-raising passwords also tend to limit password lifetime, with the
likely result that nobody ever has time to learn his password by heart
before it is forcibly retired.

Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
MS Windows *is* user-friendly, but only for certain values of "user".

Relevant Pages

  • Re: Twin Primes Conjecture
    ... >>>Yes, I agree with you it is nonsense, if and only if you can prove ... >>>knowledge nobody has ever proved or disproved the randomness of the ... Prev by Date: ...
  • Re: Luann 2/21
    ... Remember that nobody accepts randomness in his own success, ... only his failure. ...
  • Dan ONeill salutes the Gipcentennial
    ... Mark Jackson - ... Remember that nobody accepts randomness in his own success, ...
  • Re: Dawkins weasel program random selection or selection at random?
    ... Well actually from a pure math point of view nobody knows what ... Well, actually, from apure mathpoint of view, we know quite well - I ... We know what randomness ...