
funsec mailing list archives

Re: While we're all trying to fix politics, economics, etc.
From: Rich Kulawiec <rsk () gsp org>
Date: Wed, 6 Feb 2013 09:12:39 -0500

On Tue, Feb 05, 2013 at 12:49:44PM -0500, Rich Kulawiec wrote:
> I have a question.  Please to consider the following candidate password:
>
>       S.3-t=2ga+Zilg59CEkp4


Okay, I s'pose now I should explain why I asked that question.  (But first:
thanks for the comments!)

I actually have that password committed to memory (via a mnemonic that's
partly obscene, so I'll omit it here).  So it's not open to PostIt attack,
although admittedly keystroke logging would grab it just as easily as
any other.  So would rubber hose cryptography, so would other methods.

The usage I'd intended for this was on a Yahoo account.  I have a few
of them that I use for mail/spam/phish/etc. test purposes: little
controlled experiments involving exposing addresses in certain places
and then waiting to see what shows up months or years later.  (I've been
doing this for a very long time with lots of freemail providers as well as
with addresses associated with domains of my own.)  I recently realized
that one of those Yahoo accounts has a password that is inexcusably weak
by contemporary standards, so I decided to change it to a much better
one -- this one.

Yahoo's web interface informs me that this password is weak: in fact,
it informs me that it is as weak as it's possible to be and refuses to
allow me to use it.

It also refuses to allow me to use variations, including still-longer
ones.  It steadfastly rates them all as "weak".  I find this puzzling.

Now given that I was doing this exercise after a certain recent Sunday
evening sporting competition involving a local franchise, I thought,
well, maybe I'm just missing the obvious.  I might still be.  But I
believe I'm now confused on a higher level, so I'll call that progress.

---rsk
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

