

DarkSithPro

join:2005-02-12
Tempe, AZ
kudos:2
reply to antdude

Re: P@$$1234: the end of strong password-only security

So use a two phase password system.

The 1st password will be accepted and send you to the second password screen even if the first password is incorrect; the second one will kick you back to start all over. It will not tell if the first or second password was correct or incorrect. Therefore brute force/dictionary will be completely ineffective.

So let's say your first password is just 5 characters long and the second one is roughly the same. Going to a second password screen only to be kicked back out will make brute-force useless...

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
Two 5-character passwords afford the same protection as one 10-character password.

(To a first approximation, ignoring the fact that you often don't need to know the password, you just need to know something that hashes to the same thing the password hashes to).
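
Added example, not part of either post above: a toy count of how many attempts each login design allows before the right answer is reached, which makes the "two short passwords equal one long password" comparison concrete. The 4-letter alphabet, the 3-character halves and all function names are constructed for illustration; the third design (a first screen that reveals whether its password was right) is included only as the contrast case.

```python
from itertools import product

ALPHABET = "abcd"   # constructed toy alphabet, small enough to enumerate
K = 3               # constructed length of each password half

def candidates(length):
    """All strings of the given length over ALPHABET, in a fixed order."""
    return ("".join(t) for t in product(ALPHABET, repeat=length))

def guesses_single(secret):
    """One password field: count attempts until the whole string matches."""
    for n, guess in enumerate(candidates(len(secret)), 1):
        if guess == secret:
            return n

def guesses_two_stage_silent(first, second):
    """Two screens, one combined accept/reject at the end (the proposal)."""
    n = 0
    for g1 in candidates(len(first)):
        for g2 in candidates(len(second)):
            n += 1                      # one full trip through both screens
            if g1 == first and g2 == second:
                return n

def guesses_two_stage_leaky(first, second):
    """Two screens where screen one reveals whether its password was right."""
    n = 0
    for g1 in candidates(len(first)):
        n += 1
        if g1 == first:                 # feedback lets each half be solved alone
            break
    for g2 in candidates(len(second)):
        n += 1
        if g2 == second:
            return n

def worst_case():
    """Attempt counts when both halves are the last candidate enumerated."""
    last = ALPHABET[-1] * K
    return {
        "single": guesses_single(last + last),
        "two_stage_silent": guesses_two_stage_silent(last, last),
        "two_stage_leaky": guesses_two_stage_leaky(last, last),
    }

if __name__ == "__main__":
    print(worst_case())
```

With no per-screen feedback the two-screen count matches the single long password exactly (N^(2K)); only when the first screen leaks its result does the count drop to 2·N^K.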