Vulnerability Development mailing list archives

Re: AOL passwords / crypt() and online brute forcing

From: gotcha <fmu () hushmail com>
Date: Thu, 2 May 2002 01:27:19 +0200

damn, i need to work on my char counting skillz :>

--gotcha

On Wed, May 01, 2002 at 04:43:17PM -0400, Fab Siciliano wrote:

They can. The 1 is changing to a 2.

-----Original Message-----
From: gotcha [mailto:fmu () hushmail com] 
Sent: Wednesday, May 01, 2002 4:39 PM
To: Erik Parker
Cc: vuln-dev () securityfocus com
Subject: Re: AOL passwords / crypt() and online brute forcing


On Wed, May 01, 2002 at 12:20:44PM -0500, Erik Parker wrote:

if you take the 94 displayable ascii characters.. and do

94^8 you have

a possible 6,095,689,385,410,816..  So about 6 quadrillion

passwords

to try..


i think that's not the issue. the real problem is that people 
think they can block access by changing a password from 
foobar111 to foobar123.

--gotcha

Current thread:

Re: XP Screen Saver password uses Old password until logout or New one is used. hellNbak (Apr 30)
- Re: XP Screen Saver password uses Old password until logout or Newone is used. Meritt James (Apr 30)