Infinity Ziona
Minmatar Cloakers
|
Posted - 2011.03.11 02:43:00 -
[1]
Originally by: Barakkus I'm not suggesting that, I'm suggesting that the requirement of at least 1 uppercase character does not reduce the number of combinations that can be used for a brute force attack.
This is so wrong it's ridiculous and can only be a troll.
Requiring a single capital letter reduces possible permutations because it eliminates every permutation that consists of only lowercase and every permutation that consists of lowercase and numeric characters.
--------------------------------------------- I AM BETTER THAN YOU. |
Infinity Ziona
Minmatar Cloakers
|
Posted - 2011.03.12 01:29:00 -
[2]
Originally by: Fondon
Originally by: Matalino No it doesn't! Because now those who have all lower case passwords and do not want a capital letter in their passwords are forced to choose between changing to a mixed case password or keeping their existing password. You have introduced strong incentive for many users to keep their current passwords indefinitely. This change is just an example of security theatre, it LOOKS like you are doing something to improve account security, when in fact you are just screwing around making changes that have no real effect other than annoying your users.
Time needed to crack a password:
8 characters, just lower case: 4 days. 8 characters mixing lower and capital letters: 4 years. Add some numbers and you'll need more than 100 years.
Brute forcing is not necessarily attempting every permutation. It's more common to use lists you can subscribe to or hack into and then use those lists to run through an account, changing case, appending digits.
Linkage
Notice of those 3 sites, that around 800 people were using "password" as passwords.... people are lazy, they'll use easy to guess common words usually.
If you want to steal non-specific accounts you don't want to steal the hardest to guess accounts, you want to steal the easy to guess accounts.
Basically all CCP's enforcing of capital letters will do is make the difficult to guess passwords difficult to guess (no change) and the easy to guess passwords (password) will become easy to guess (Password). No changes.
--------------------------------------------- I AM BETTER THAN YOU. |
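Added example, not part of any post in this thread: a Python sketch of the two points argued above, counting how much of the 8-character keyspace an "at least one uppercase" rule removes, and a registration-time check that folds case and strips appended digits before comparing against a common-password list. The blocklist, function names and sample passwords are constructed for illustration.

```python
import string

# Constructed sample blocklist; a real deployment would load a large
# list of known-common or breached passwords instead.
COMMON_PASSWORDS = {"password", "qwerty", "letmein", "dragon", "123456"}

LOWER, UPPER, DIGITS = 26, 26, 10


def keyspace(length, require_upper):
    """Count passwords of exactly `length` characters from a-z, A-Z, 0-9."""
    total = (LOWER + UPPER + DIGITS) ** length
    if not require_upper:
        return total
    # The rule removes every password built only from a-z and 0-9.
    return total - (LOWER + DIGITS) ** length


def removed_fraction(length):
    """Share of the keyspace eliminated by requiring one uppercase letter."""
    return 1 - keyspace(length, True) / keyspace(length, False)


def normalize(candidate):
    """Undo the cheap variations named in the thread: case and appended digits."""
    return candidate.lower().rstrip(string.digits)


def evaluate(candidate):
    """Report whether a candidate passes the uppercase rule and whether it
    still reduces to an entry on the common-password list."""
    folded = candidate.lower()
    return {
        "composition_ok": any(c.isupper() for c in candidate),
        "guessable": folded in COMMON_PASSWORDS
        or normalize(candidate) in COMMON_PASSWORDS,
    }


if __name__ == "__main__":
    print(f"8 chars, no rule:        {keyspace(8, False):,}")
    print(f"8 chars, uppercase rule: {keyspace(8, True):,}")
    print(f"fraction removed:        {removed_fraction(8):.2%}")
    for pw in ("password", "Password", "Password123", "Vq7mLp2xKd"):
        print(pw, evaluate(pw))
```

A site that runs a check like `evaluate` at password-change time rejects "Password" and "Password123" even though both satisfy the uppercase rule.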
Infinity Ziona
Minmatar Cloakers
|
Posted - 2011.03.12 02:23:00 -
[3]
Originally by: Ban Doga
Originally by: Infinity Ziona Brute forcing is not necessarily attempting every permutation. It's more common to use lists you can subscribe to or hack into and then use those lists to run through an account, changing case, appending digits.
You might want to read http://en.wikipedia.org/wiki/Brute-force_attack and http://en.wikipedia.org/wiki/Dictionary_attack
In practice not a bit of difference. Spamming a server with lists or random characters has the exact same effect.
--------------------------------------------- I AM BETTER THAN YOU. |