From owner-freebsd-chat@FreeBSD.ORG Fri Aug 15 09:30:06 2003 Return-Path: Delivered-To: freebsd-chat@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B38EF37B401 for ; Fri, 15 Aug 2003 09:30:06 -0700 (PDT) Received: from rwcrmhc12.comcast.net (rwcrmhc12.comcast.net [216.148.227.85]) by mx1.FreeBSD.org (Postfix) with ESMTP id 07EB043F75 for ; Fri, 15 Aug 2003 09:30:06 -0700 (PDT) (envelope-from underway@comcast.net) Received: from localhost.localdomain (12-230-74-101.client.attbi.com[12.230.74.101](untrusted sender)) by attbi.com (rwcrmhc12) with ESMTP id <20030815163005014003mbroe>; Fri, 15 Aug 2003 16:30:05 +0000 Received: from localhost.localdomain (localhost [127.0.0.1]) by localhost.localdomain (8.12.9/8.12.9) with ESMTP id h7FGT3SE081469; Fri, 15 Aug 2003 09:29:04 -0700 (PDT) (envelope-from underway@comcast.net) Received: (from jojo@localhost) by localhost.localdomain (8.12.9/8.12.9/Submit) id h7FGSseG081468; Fri, 15 Aug 2003 09:28:54 -0700 (PDT) (envelope-from underway@comcast.net) To: Terry Lambert References: <20030814225453.GA1385@node1.cluster.srrc.usda.gov> <3F3C9E22.D24F3C0A@mindspring.com> From: underway@comcast.net (Gary W. Swearingen) Date: Fri, 15 Aug 2003 09:28:53 -0700 In-Reply-To: <3F3C9E22.D24F3C0A@mindspring.com> (Terry Lambert's message of "Fri, 15 Aug 2003 01:47:30 -0700") Message-ID: <9ek79edgvu.79e@mail.comcast.net> User-Agent: Gnus/5.1002 (Gnus v5.10.2) XEmacs/21.1 (Cuyahoga Valley, berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii cc: chat@freebsd.org cc: Glenn Johnson Subject: Re: password strength checking not consistently implemented X-BeenThere: freebsd-chat@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Non technical items related to the community List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Aug 2003 16:30:07 -0000 Terry Lambert writes: > Without the strength checking on the password change, I have to > reexpand my search space to the entire search space, and it takes > a lot longer to crack passwords. ... > Thanks, > A. Hacker I'd think that that would depend on the people choosing passwords and whether the cracker is going after one particular user or just any one of many. I'd expect it, on average, to take a lot less long if you start your search well: "password", "drowssap", etc. (I guess it makes sense that "A. Hacker" WOULD try to discourage password strength checking. :) This reminds me of the guy who insisted on setting his lock with truly random numbers and his truly random number generator spit out 0, 0, 0 (or whatever the factory default was).