Antonomasia (ant@notatla.demon.co.uk)
Tue, 27 Apr 1999 07:45:15 +0100
Jim Gillogly <jim@acm.org>:
> Probably they are still feasible. As system administrators
> you are by now aware that you must never underestimate the
> lengths to which a user will go to subvert your attempts
> to make him pick a strong password. There will undoubtedly
> be legal trigraphs and tetragraphs in almost all passwords,
> and almost certainly complete words as well, even if they're
> capitalized oddly and interspersed with digits. If there are
> digits, they will usually be a single '1', or they will be
> four digits starting with '19' -- i.e. nothing that will
> interfere with recognizing plaintext when you see it.
This is right, of course. Here's an additional data point to the many
already known. A few weeks ago we bought a passwd/shadow pair along
with a second hand Sun box. Because there was a root password not known
to us we had to break in to start using it. Then, just for snix, we ran
crack on the files and got 15 successes. Most of these passwords were
equal to the username. Some of the rest were $username."1".
The reason I gave up cracking passwords in my previous job was that
nobody ever improved them as a result.
-- 
##############################################################
# Antonomasia                          ant@notatla.demon.co.uk #
# See http://www.notatla.demon.co.uk/                          #
##############################################################
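The weak-password shapes described above (password equal to the username, the username followed by "1", a lone '1' as the only digit, or a four-digit '19xx' year as the only digits) are easy to reject at password-change time. The following checker is an added example, not code from either poster; the function names, the `audit` helper and the sample accounts are constructed for illustration, and it generalises the thread's "$username.1" case to the username followed by any digits.

```python
"""Password-policy check for the weak patterns reported in the thread.

Added example, not code from the original post. The function names and the
sample account list below are constructed for illustration only.
"""
import re
from typing import Dict, List, Sequence, Tuple

# Digit shapes the thread says dominate cracked passwords:
#   - the only digit is a single '1'            (e.g. "ant1", "Secret1")
#   - the only digits form a '19xx' year        (e.g. "Summer1999")
_ONLY_DIGIT_IS_A_ONE = re.compile(r"^\D*1\D*$")
_ONLY_DIGITS_ARE_19XX = re.compile(r"^\D*19\d\d\D*$")
_NON_ALNUM = re.compile(r"[^a-z0-9]")


def _normalise(s: str) -> str:
    """Lower-case and drop punctuation so 'Ant-1' and 'ant1' compare equal."""
    return _NON_ALNUM.sub("", s.lower())


def weak_password_reasons(username: str, password: str) -> List[str]:
    """Return the list of policy violations for this username/password pair.

    An empty list means none of the thread's weak patterns were found; it
    says nothing about overall strength, so callers should still apply the
    rest of their policy (length, dictionary words, breach lists).
    """
    reasons: List[str] = []
    u, p = _normalise(username), _normalise(password)
    if not p:
        return ["empty"]
    if p == u:
        reasons.append("equals username")
    elif u and p.startswith(u) and p[len(u):].isdigit():
        # Generalises the "$username.1" case from the post to any digit suffix.
        reasons.append("username followed by digits")
    # Digit checks run on the raw password; case and punctuation are \D anyway.
    if _ONLY_DIGIT_IS_A_ONE.match(password):
        reasons.append("only digit is a single '1'")
    if _ONLY_DIGITS_ARE_19XX.match(password):
        reasons.append("only digits form a '19xx' year")
    return reasons


def audit(accounts: Sequence[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Map each flagged username to its reasons; unflagged accounts are omitted."""
    result: Dict[str, List[str]] = {}
    for user, pw in accounts:
        reasons = weak_password_reasons(user, pw)
        if reasons:
            result[user] = reasons
    return result


# Constructed sample accounts mirroring the shapes described in the thread.
SAMPLE_ACCOUNTS = [
    ("alice", "alice"),          # password == username
    ("bob", "bob1"),             # username followed by '1'
    ("carol", "Summer1999"),     # only digits are a '19xx' year
    ("dave", "p7!xQ@wz3Lm9"),    # none of the thread's patterns
]

if __name__ == "__main__":
    for user, reasons in audit(SAMPLE_ACCOUNTS).items():
        print(f"{user}: {', '.join(reasons)}")
```

Run as a script it lists alice, bob and carol with their reasons and stays silent about dave. Applying such a check in the password-change path addresses the closing complaint of the post: cracking runs are only useful if the findings are fed back into what users are allowed to set.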