On Mon, 3 Jun 1996, Aaron Merifield wrote:

> Why not just change the system so that it won't accept a dictionary name as
> a valid password. Six to eight characters and at least 1 or 2 numbers
> would make it a little more difficult too.
> The main way to crack password files seems to involve using dictionary
> files (that you can easily get from the net) and using brute force to
> compare the encrypted dictionary words to the encrypted passwords.
> Therefore just don't allow dictionary words as passwords. Although the
> number you can still make your own dictionary files of random characters,
> the percentage of people that would even bother drops big time, IMO.

You can lead a user to a good password but you can only make them use it
for so long. Not to mention anyone with the time and desire can create a
fairly nifty 'dictfile' like I did a few years back. All it takes is some
simple brain power and a LOT of disk space, a quick file that prints all
variations of 5-8 character length combinations to a file. I stopped mine
at 238megs and it was still going strong.

Brett
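
Added example, not part of the original messages: a sketch of the password-acceptance rule proposed in the quoted text (6-8 characters, at least one digit, no dictionary words), extended to catch dictionary words that are only padded with digits, substituted or reversed, plus a size calculation for the exhaustive 5-8 character list mentioned in the reply. The wordlist, the substitution table and the lowercase-only alphabet are assumptions made for illustration.

```python
import re

# Constructed sample wordlist; a real system would load a full dictionary file.
WORDLIST = {"password", "dragon", "monkey", "secret", "letmein", "summer"}

# Assumed set of common character substitutions, undone before the lookup.
LEET = str.maketrans("013457@$", "oleastas")

def _trim(s):
    """Drop non-letters from both ends, e.g. '1dragon99' -> 'dragon'."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", s)

def check_password(pw, words=WORDLIST):
    """Return the reasons a password is rejected; an empty list means accepted."""
    reasons = []
    if not 6 <= len(pw) <= 8:
        reasons.append("length must be 6-8 characters")
    if not any(c.isdigit() for c in pw):
        reasons.append("needs at least one digit")
    low = pw.lower()
    unleet = low.translate(LEET)
    # A plain lookup misses 'dragon1' and 'm0nk3y', so also test trimmed,
    # de-substituted and reversed forms of the candidate.
    forms = {low, _trim(low), unleet, _trim(unleet)}
    forms |= {f[::-1] for f in forms}
    if any(f in words for f in forms if f):
        reasons.append("based on a dictionary word")
    return reasons

def exhaustive_list_bytes(alphabet_size, min_len, max_len):
    """Size of a file holding every string of the given lengths, one per line."""
    return sum(alphabet_size ** n * (n + 1) for n in range(min_len, max_len + 1))

if __name__ == "__main__":
    for pw in ("dragon", "dragon1", "m0nk3y", "tq7wzk2p"):
        print(pw, check_password(pw) or "accepted")
    # Assumption: lowercase letters only (26 symbols), lengths 5-8.
    print(exhaustive_list_bytes(26, 5, 8), "bytes")
```
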