Date: Fri, 15 Aug 2003 09:28:53 -0700 From: underway@comcast.net (Gary W. Swearingen) To: Terry Lambert <tlambert2@mindspring.com> Cc: Glenn Johnson <gjohnson@srrc.ars.usda.gov> Subject: Re: password strength checking not consistently implemented Message-ID: <9ek79edgvu.79e@mail.comcast.net> In-Reply-To: <3F3C9E22.D24F3C0A@mindspring.com> (Terry Lambert's message of "Fri, 15 Aug 2003 01:47:30 -0700") References: <20030814225453.GA1385@node1.cluster.srrc.usda.gov> <3F3C9E22.D24F3C0A@mindspring.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Terry Lambert <tlambert2@mindspring.com> writes: > Without the strength checking on the password change, I have to > reexpand my search space to the entire search space, and it takes > a lot longer to crack passwords. ... > Thanks, > A. Hacker I'd think that that would depend on the people choosing passwords and whether the cracker is going after one particular user or just any one of many. I'd expect it, on average, to take a lot less long if you start your search well: "password", "drowssap", etc. (I guess it makes sense that "A. Hacker" WOULD try to discourage password strength checking. :) This reminds me of the guy who insisted on setting his lock with truly random numbers and his truly random number generator spit out 0, 0, 0 (or whatever the factory default was).
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9ek79edgvu.79e>