Vulnerability Development mailing list archives

RE: AOL passwords / crypt() and online brute forcing

From: "Fab Siciliano" <fsiciliano () optiumcorp com>
Date: Wed, 1 May 2002 16:43:17 -0400

They can. The 1 is changing to a 2.

-----Original Message-----
From: gotcha [mailto:fmu () hushmail com] 
Sent: Wednesday, May 01, 2002 4:39 PM
To: Erik Parker
Cc: vuln-dev () securityfocus com
Subject: Re: AOL passwords / crypt() and online brute forcing


On Wed, May 01, 2002 at 12:20:44PM -0500, Erik Parker wrote:

if you take the 94 displayable ascii characters.. and do

94^8 you have

a possible 6,095,689,385,410,816..  So about 6 quadrillion

passwords

to try..


i think that's not the issue. the real problem is that people 
think they can block access by changing a password from 
foobar111 to foobar123.

--gotcha

Current thread:

Re: XP Screen Saver password uses Old password until logout or New one is used. hellNbak (Apr 30)
- Re: XP Screen Saver password uses Old password until logout or Newone is used. Meritt James (Apr 30)