Re: Not so much a bug as a warning of new brute force attack

Alan Brown (alan@manawatu.planet.org.nz)
Tue, 4 Jun 1996 16:21:17 +1200

On Mon, 3 Jun 1996, Brett L. Hawn wrote:

> You can lead a user to a good password but you can only make them use it for
> so long.

What about a fascist passwd program which refers to a dictionary and
rejects "easy" passwords? Does such an animal exist?

> Not to mention anyone with the time and desire can create a fairly
> nifty 'dictfile' like I did a few years back. All it takes is some simple
> brain power and a LOT of disk space, a quick file that prints all variations
> of 5-8 character length combinations to a file. I stopped mine at 238megs and
> it was still going strong.

I think this one comes under the heading of "brute force attack" - just
with alphanumerics (a-z,A-Z,0-9) you're looking at needing 62^8 entries
for a complete set of 8 character passwords. It's probably faster to try
and decrypt the passwd file entry directly.

AB
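
The following is an added example, not part of the original message: a minimal sketch of the dictionary-checking passwd filter asked about above, together with the arithmetic behind the 62^8 figure and the size an exhaustive 5-8 character candidate file would reach. The word list, the 8-character minimum, the one-candidate-per-line file layout and all function names are assumptions made for illustration.

```python
import string

# Constructed sample wordlist; a real checker would load a site dictionary.
SAMPLE_WORDS = {"password", "dragon", "secret", "letmein", "wizard"}
ALPHANUM = string.ascii_letters + string.digits  # a-z, A-Z, 0-9: 62 symbols


def keyspace(min_len, max_len, symbols=len(ALPHANUM)):
    """Count every string of min_len..max_len characters over the alphabet."""
    return sum(symbols ** n for n in range(min_len, max_len + 1))


def wordlist_bytes(min_len, max_len, symbols=len(ALPHANUM)):
    """Size of a file holding all such strings, one per line (assumed layout)."""
    return sum(symbols ** n * (n + 1) for n in range(min_len, max_len + 1))


def lookup_forms(password):
    """Forms to test against the dictionary: lower-cased, with leading and
    trailing digits/punctuation stripped, and each of those reversed."""
    lowered = password.lower()
    stripped = lowered.strip(string.digits + string.punctuation)
    forms = {lowered, stripped}
    forms |= {form[::-1] for form in forms}
    return {form for form in forms if form}


def reject_reason(password, username="", words=SAMPLE_WORDS, min_len=8):
    """Return why the password is "easy", or None if it passes."""
    if len(password) < min_len:  # min_len is an assumed site policy
        return "too short"
    forms = lookup_forms(password)
    if username and username.lower() in forms:
        return "based on username"
    if forms & set(words):
        return "based on dictionary word"
    if password.isalpha() or password.isdigit():
        return "single character class"
    return None


if __name__ == "__main__":
    print("8-char alphanumeric passwords:", keyspace(8, 8))
    print("5-8 char candidate file, GB:", wordlist_bytes(5, 8) / 1e9)
    for candidate in ("Dragon99", "terces123", "alan1996", "qT7vK2mx"):
        print(candidate, "->", reject_reason(candidate, username="alan"))
```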