[nycphp-talk] password strength enforcement

jon baer jonbaer at jonbaer.net
Sun Apr 11 18:17:16 EDT 2004


Just FYI, this is what is meant by "brute force" and you are right a lot of
*crackers* allow you to adjust the amount of digits which *must* appear in
the password, BUT to prevent this type of cracking you do *not* want to
publicize what your password policy is ... a lot of signup forms make this
terrible presumption that guys signing up to a form are legit people when in
fact if you have an error message like:

password:
* must use 3 digits
* must be 6 - 8 characters long (or max)

You kinda give away a lot of info :-)

----- Original Message -----
From: "Allen Shaw" <ashaw at iifwp.org>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Sunday, April 11, 2004 3:27 PM
Subject: Re: [nycphp-talk] password strength enforcement


> Idea was just to prevent passwords like "mouse98" which -- I've read -- are
> easily cracked: dictionary words with a number added at the beginning or
> end.  Honestly, I'm curious to hear how effective or lame you think such a
> requirement might be, since I'm pretty new to the topic.
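
The check discussed in this thread (rejecting a dictionary word with a number added at the beginning or end, such as "mouse98"), as an added PHP example that is not part of the original messages. The function name `isDictionaryBased` and the `SAMPLE_WORDS` list are hypothetical and constructed for illustration; a real deployment would load a full word list.

```php
<?php
declare(strict_types=1);

// Constructed sample word list (assumption); a real check would load a
// full dictionary file and look words up in a hash set.
const SAMPLE_WORDS = ['mouse', 'password', 'dragon', 'monkey', 'secret'];

/**
 * Hypothetical helper: true when $password is a dictionary word,
 * optionally with digits added at the beginning and/or end.
 */
function isDictionaryBased(string $password, array $words): bool
{
    // Strip a leading and a trailing run of digits, keeping the core.
    // \z anchors at the true end of the string (no trailing-newline quirk).
    $core = preg_replace('/^\d+|\d+\z/', '', $password);

    // Digits only, e.g. "123456": there is no word left, treat as weak.
    if ($core === '') {
        return true;
    }

    // Case-insensitive lookup, so "2004Dragon" is caught as well.
    return in_array(strtolower($core), $words, true);
}

// Constructed inputs. "mo98use" passes this particular check because the
// digits sit in the middle; it is not thereby a strong password.
$candidates = ['mouse98', '2004Dragon', 'mouse', 'mo98use', 'x7#Qplk2', '123456'];

foreach ($candidates as $candidate) {
    $verdict = isDictionaryBased($candidate, SAMPLE_WORDS) ? 'reject' : 'accept';
    printf("%-12s %s\n", $candidate, $verdict);
}
```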



