Posted to uk.d-i-y
John Rumm
; TOT; Piggin passwords

On 10/02/2016 16:51, Mike Barnes wrote:
> John Rumm wrote:
>> On 10/02/2016 07:40, Mike Barnes wrote:
>>> What we're talking about is them disallowing some combinations of the
>>> same characters that have been available all along, and therefore
>>> *reducing* the number of legal combinations that have to be tested.
>>
>> I don't think that statement can be supported with maths ;-)
>
> I think it can.

Go on then ;-)

To be fair, I see what you are getting at, but the purpose of the
exercise is to force users to use more of the available "combination
space", even if that is at the cost of a small reduction in the total
number of legal passwords available.

So without the policy, a very fast crack attempt with all the dictionary
words in all lower case, would get you into a percentage of accounts.
With the policy, it will fail every time.

> If "password" is a legal password, the bad guy has to
> take the (admittedly small) time taken to test for it. If it's not
> legal, he doesn't have to test for it.


but now he does have to test Password, pAssword, paSsword, pasSword,
passWord, passwOrd, passwoRd, passworD,

and

PAssword, PaSsword.... PASSwORD.... PASSWORd

and so on.


--
Cheers,

John.

/=================================================================\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\=================================================================/
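Added example, not from the thread: the two quantities the posts are arguing about, worked in Python. It assumes the policy is "at least one upper-case and one lower-case letter" and a letters-only keyspace, neither of which the thread spells out; the sample of user-chosen passwords is constructed.

```python
from itertools import product

# Policy as modelled here (assumption; the thread never states the exact
# rule): a password must contain at least one upper- and one lower-case letter.
def policy_allows(pw: str) -> bool:
    return any(c.isupper() for c in pw) and any(c.islower() for c in pw)

def casings(word: str) -> set[str]:
    """Every distinct upper/lower casing of a word. Digits and punctuation
    have one casing only, so they do not double the count."""
    choices = [(c.lower(), c.upper()) if c.isalpha() else (c,) for c in word]
    return {"".join(t) for t in product(*choices)}

def legal_casings(word: str) -> set[str]:
    """Casings of a dictionary word the policy still accepts: for k letters
    that is 2**k minus the all-lower and all-upper forms (254 for 'password')."""
    return {v for v in casings(word) if policy_allows(v)}

def keyspace(length: int, mixed_case_required: bool) -> int:
    """Letters-only model: 52**length strings, of which 2*26**length are
    single-case and are exactly the ones the policy removes (Mike's 'reduction')."""
    total = 52 ** length
    return total - 2 * 26 ** length if mixed_case_required else total

def reduction_fraction(length: int) -> float:
    """Share of the letters-only keyspace the policy forbids: 2 / 2**length."""
    return 1 - keyspace(length, True) / keyspace(length, False)

def lowercase_pass_hits(chosen: list[str], dictionary: list[str]) -> int:
    """Accounts cracked by the cheap first pass John describes: every
    dictionary word tried once, all lower case."""
    tried = {w.lower() for w in dictionary}
    return sum(pw in tried for pw in chosen)

if __name__ == "__main__":
    dictionary = ["password", "letmein"]
    # Constructed sample of what users picked; not survey data.
    no_policy = ["password", "Password", "letmein", "tr0ub4dor"]
    with_policy = [pw for pw in no_policy if policy_allows(pw)]
    print(lowercase_pass_hits(no_policy, dictionary))    # 2
    print(lowercase_pass_hits(with_policy, dictionary))  # 0: the pass fails every time
    print(len(legal_casings("password")))                # 254 casings now worth testing
    print(f"{reduction_fraction(8):.4%}")                # 0.7812% of the keyspace forbidden
```

Both sides of the argument hold at once: the legal set shrinks by 2/2^L (under 1% for eight letters), while the one-guess-per-word lower-case pass goes from hitting some accounts to hitting none.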