Re: Big Sites That Don't Allow Complex Passwords !?! - dslreports.com

republican-creole			Search:
	login · register

	All Forums		Hot Topics		Gallery

how-to block ads

Forums » Up and Running » Security » Security » Sites That Don't Allow Special Characters In Passwords !?!


Share Topic:	RSS topic:	toggle: flat / full normal / watch	Posting:	Post a:	Post a:

Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal

Analysis of the Gozi Trojan - leads to Russian data horde »
« Free antivirus for non-profit organization?

BlitzenZeus Burnt Out Cynic Premium,MVM join:2000-01-13 Beaverton, OR	Re: Big Sites That Don't Allow Complex Passwords !?! If your just setting up complex passwords in some password program, its not helping you at all. Using some master password to as part of a password storage then your only fooling yourself when it comes to security.
	permalink · 2007-03-17 04:04:48 ·

dave
Premium,MVM
join:2000-05-04
not in ohio

·Verizon Online DSL

Re: Big Sites That Don't Allow Complex Passwords !?!

said by BlitzenZeus

:

If your just setting up complex passwords in some password program, its not helping you at all. Using some master password to as part of a password storage then your only fooling yourself when it comes to security.

Assume an attacker has no access to your PC; he's merely attacking the web site (and it's not tricky to guess, for example, that there might be a user called 'dave'). There is no 'master password' involved. It's simply a matter of how hard it is to brute-force the password space.

If the password space is restricted to [A-Za-z0-9] then there are far fewer possible passwords than if passwords could use any characters. Thus, the password is easier to guess. Simple arithmetic.

This is just sloppy programming, about as sloppy as the idiots who insist you type credit card numbers without spaces, despite that fact that the numbers on the cards are grouped in fours for a very good reason.

I suppose the point of your comemnt may be that people who use 'complex passwords' must be keeping them in software-managed keyrings. That doesn't seem to follow at all. A few non-alphameric characters dropped into a password doesn't suddenly make it impossible to remember; even a scheme as silly as replacing an 's' with '$' adds a small amount of strength, withut making the password harder to remember.

--
Microsoft Security MVP, 2005-2007.

permalink · 2007-03-17 11:30:07 · Print ·

your comment..

Forums » Up and Running » Security » Security	Analysis of the Gozi Trojan - leads to Russian data horde » « Free antivirus for non-profit organization?


Friday, 04-Dec 17:47:14	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. republican-creole page compression OFF

Most commented news this week
· [163] Comcast Releasing Promised Usage Meter
· [145] Avast Antivirus Has Gone Mad
· [124] Comcast Makes NBC Universal Acquisition Official
· [104] Graduate Student Unveils Sprint's GPS Sharing With Feds
· [101] Google Invades ISP, OpenDNS Turf With Google Public DNS
· [81] Latest Consumer Reports Survey Not Kind To AT&T
· [81] FCC Ponders Moving From PSTN To IP Voice
· [74] Sprint Defuses GPS Privacy Media Bomb
· [70] Baltimore To Ban Lazy Cable Installs
· [64] Broadband Killed The Game Console

Most people now reading
· False positive in Avast! or is it real? [Security]
· DNS options, what are YOU using? [TekSavvy]
· Long ethernet runs [Wireless Service Providers]
· 3.x Feral Druid - Bear Tanking Guide [World of Warcraft]
· Evading throttling with uTP / uTorrent 1.9a [TekSavvy]
· I finally jumped off the Windows ship! [All Things Macintosh]
· Windows 7 boot manager editing questions [Microsoft Help]
· Docsis, DSL technology [Canadian Broadband]
· Maximizing Rogue DPS for ToC/ToGC (3.x) [World of Warcraft]
· [Rant] Disrespect of PTO [Rants, Raves, and Praise]