[Coco] Tandy / Color Computer Forum Access
Steven Hirsch
snhirsch at gmail.com
Fri Mar 25 16:38:03 EDT 2011
On Fri, 25 Mar 2011, gene heskett wrote:
> On Friday, March 25, 2011 02:19:38 PM Brian Blake did opine:
>
>> On Fri, Mar 25, 2011 at 2:01 PM, Wayne Campbell <asa.rand at gmail.com>
> wrote:
>>> Most of them do recommend periodic changes, but leave it up to the
>>> user.
>>>
>>> Wayne
>>
>> That's what will end up happening. Though if there is ever an instance
>> where there's a security issue, it'll be required... No major biggie...
>
> The security issue is, as I see it, the short password. A 6 character PW
> can be found by John the Ripper in just a few seconds. My own minimum user
> password length is 9, and my root PW on this machine is, lets just say,
> more than 20. Same for the admin password on dd-wrt. John would have to
> work till the universe runs down to find those, as every character added
> adds to the factorial on the difficulty. To illustrate, a 6 char PW is
> 6!=720. 9!=362880. and 20!=2.43290200818e+18, a rather large number.
>
> You have to make it expensive enough to crack your password that they get
> bored and go looking for easier targets.
My employer mandates a "three strikes and it's locked" policy on
authentication attempts. Now that I think about it, most web accounts I
own do that as well. Renders brute-force cracking tools a bit
impractical.
--
More information about the Coco
mailing list