2008/6/3 Martin O'Neal <martin.oneal_at_corsaire.com>:
>
>> It didn't help that the password was only 5
>> characters!
>
> That may not actually be such a bad password (on balance and in
> context). Sure it is a dictionary/leet word variant, but five
> characters actually carry plenty of entropy (if mixed case and numerics
> are also used). However, if you have an authentication mechanism that
> doesn't lock out an account and *allows* brute forcing, it doesn't
> really matter how strong the password is; given enough
> universe-lifetimes an attacker will always guess it eventually.
Trust me, it is a VERY bad password in these circumstances!
Robin
-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------
Received on Jun 03 2008
Intro
