[clug] [OT] all text passwords == secure?

Kim Holburn kim.holburn at gmail.com
Tue Aug 28 05:40:37 MDT 2012


On 2012/Aug/28, at 8:59 AM, Scott Ferguson wrote:
> A dictionary attack is too easy - and it's the first attack tried. Add
> just one non alpha character to that multi word string and only brute
> force will guess it - then you have a much harder password to break.
> Much, much harder.
> 
> The difference between brute forcing 8 characters and brute forcing 25
> characters is greater by a large factor than the difference between
> brute forcing 8 characters and a dictionary attack on 4 words - even if
> the speed of the attack is only a million attempts per second.
> 
> But adding one non alpha character is apparently "too hard".  That's the
> problem - not that people are really so retarded they can't pick a non
> alpha character, remember it, and add it to all their passwords (just
> not as the last character or as an alpha substitution).


Actually, if you've used john the cracker, you'll know that any word from a dictionary with a character or even several characters substituted with a non-alpha character, or with a non-alpha character appended, is part of a normal dictionary attack and does not take much more time than a simple dictionary attack, which no one much uses by itself any more.

-- 
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408  M: +61 404072753
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request 
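
The point made in the reply above, as an added example that is not part of the original message: a password-audit check that reverses common substitutions and strips non-alpha affixes to see whether a password is still a dictionary word, plus a size comparison of the two search spaces. The wordlist, the substitution table and the figures of 100,000 words and 10,000 variants per word are assumptions chosen for illustration.

```python
import math

# Constructed sample wordlist; a real audit would load a full dictionary.
WORDLIST = {"password", "dragon", "sunshine", "monkey", "letmein"}

# Assumed table of common symbol/digit-for-letter substitutions, reversed.
UNSUBSTITUTE = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i",
                              "!": "i", "0": "o", "$": "s", "5": "s",
                              "7": "t"})


def reduces_to_dictionary_word(password, wordlist=WORDLIST, max_affix=2):
    """Return the base word if `password` is a wordlist entry with non-alpha
    characters substituted, prepended or appended; otherwise return None."""
    pw = password.lower()
    for lead in range(max_affix + 1):
        for trail in range(max_affix + 1):
            if lead + trail >= len(pw):
                continue
            prefix = pw[:lead]
            core = pw[lead:len(pw) - trail]
            suffix = pw[len(pw) - trail:]
            # Only non-alpha characters count as an added affix.
            if any(c.isalpha() for c in prefix + suffix):
                continue
            for candidate in (core, core.translate(UNSUBSTITUTE)):
                if candidate in wordlist:
                    return candidate
    return None


def mangled_space_bits(words, variants_per_word):
    """Size (in bits) of a dictionary search with per-word variants."""
    return math.log2(words * variants_per_word)


def brute_force_bits(length, alphabet=95):
    """Size (in bits) of an exhaustive search over printable ASCII."""
    return length * math.log2(alphabet)


if __name__ == "__main__":
    for pw in ("dr@gon!", "Pa$$w0rd", "Sunshine#1", "xk7#qpl2vz"):
        print(pw, "->", reduces_to_dictionary_word(pw))
    print("dictionary with variants: %.1f bits" % mangled_space_bits(100_000, 10_000))
    print("8-char brute force:       %.1f bits" % brute_force_bits(8))
```

A password the check reduces to a wordlist entry should be rejected at set time, whatever non-alpha characters it carries.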




