Re: Not so much a bug as a warning of new brute force attack

On Mon, 3 Jun 1996, Brett L. Hawn wrote:

> You can lead a user to a good password but you can only make them use it for
> so long.

What about a fascist passwd program which refers to a dictionary and
rejects "easy" passwords? Does such an animal exist?

> Not to mention anyone with the time and desire can create a fairly
> nifty 'dictfile' like I did a few years back. All it takes is some simple
> brain power and a LOT of disk space, a quick file that prints all variations
> of 5-8 charater length combinations to a file. I stopped mine at 238megs and
> it was still going strong.

I think this one comes under the heading of "brute force attack" - just
with alphanumerics (a-z,A-Z,0-9) you're looking at needing 62^8 entries
for a complete set of 8 character passwords. It's probably faster to try
and decrypt the passwd file entry directly.

AB
Received on Jun 04 1996