[Sussex] Password totals
Geoff Teale
gteale at cmedltd.com
Thu Mar 11 14:19:47 UTC 2004
On Thu, 2004-03-11 at 14:00 +0000, Gareth Ablett wrote:
> Damn and I was going to write a quick script to show how it would be
> done I still could and might I could do it in C as well maybe.

It's faster still to use a previously generated list that's been sorted
for commonly used combinations. Usually though the speed-limiting
factor is defined by an arbitrary pause in the system requesting the
password following a failed attempt. Better still, some systems lock
down an account after a set number of failed attempts.

In short - passwords are weak security, but automated attacks are rare -
it's far more likely that users pick an obvious password or give it away
to anyone who says that they're a sys-admin. For this reason the
theoretical multiplier of obscurity (i.e. the number of combinations) is
hardly ever a factor in whether a system is cracked or not.
--
Geoff Teale
Cmed Technology / Free Software Foundation
gteale at cmedltd.com / tealeg at member.fsf.org
Please avoid sending me Word, Excel or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html
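
The two server-side controls mentioned in the message above (a pause after a failed attempt, and lockout after a set number of failures), sketched as an added example that is not part of the original post. The class name, the 3-second pause and the 5-failure threshold are assumptions chosen for illustration.

```python
import time


class LoginThrottle:
    """Per-account pause after a failure, lockout after max_failures (illustrative)."""

    def __init__(self, pause=3.0, max_failures=5, clock=time.monotonic):
        self.pause = pause                # assumed value: seconds to wait after a failure
        self.max_failures = max_failures  # assumed value: consecutive failures before lockout
        self.clock = clock                # injectable so the behaviour can be tested
        self.state = {}                   # account -> (consecutive failures, time of last failure)

    def check(self, account):
        """Return 'ok', 'wait' or 'locked' for an attempt arriving now."""
        failures, last = self.state.get(account, (0, None))
        if failures >= self.max_failures:
            return "locked"
        if last is not None and self.clock() - last < self.pause:
            return "wait"
        return "ok"

    def attempt(self, account, password_ok):
        """Record one login attempt; the password result is ignored unless status is 'ok'."""
        status = self.check(account)
        if status != "ok":
            return status
        if password_ok:
            self.state.pop(account, None)  # a success resets the failure counter
            return "granted"
        failures, _ = self.state.get(account, (0, None))
        self.state[account] = (failures + 1, self.clock())
        return "denied"


def worst_case_days(list_size, pause):
    """Days needed to submit every entry of a guess list at one attempt per pause."""
    return list_size * pause / 86400.0


if __name__ == "__main__":
    now = [0.0]  # constructed fake clock
    throttle = LoginThrottle(clock=lambda: now[0])
    for _ in range(6):
        print(now[0], throttle.attempt("alice", False))
        now[0] += 3.0
    print(worst_case_days(1_000_000, 3.0), "days for a million-entry list")
```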