Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Whitespace in passwords
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Sun, 18 Sep 2005 22:24:14 -0400 (EDT)

Hash: SHA1

On Fri, 16 Sep 2005, Paul Robertson wrote:

On 9/9/05, Peter Parker <peterparker () fastmail fm> wrote:

Most of the available crackers have option to brute all possible
characters (including whitespaces). We want strong password because we
dont want them to be compromised (by anymeans)

Strong passwords *normally* force users to write them down, and unless
you've exposed a dictionary-attackable service like OWA, don't really
help- since the big risk is local exploitation where those little
yellow notes make all the difference.

We've found additionally, short expiry times can also make this reverting to postit passes also happen with greater frequency, as well as having multiple passwd's for various systems...great case for OTP.


Ron DuFresne
- -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                -Tom Robbins <Still Life With Woodpecker>
Version: GnuPG v1.2.4 (GNU/Linux)


Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]