[Coco] Tandy / Color Computer Forum Access

[Steven Hirsch]

On Fri, 25 Mar 2011, gene heskett wrote:


> On Friday, March 25, 2011 02:19:38 PM Brian Blake did opine:

>

>> On Fri, Mar 25, 2011 at 2:01 PM, Wayne Campbell <asa.rand at gmail.com>

> wrote:

>>> Most of them do recommend periodic changes, but leave it up to the

>>> user.

>>>

>>> Wayne

>>

>> That's what will end up happening. Though if there is ever an instance

>> where there's a security issue, it'll be required... No major biggie...

>

> The security issue is, as I see it, the short password.  A 6 character PW

> can be found by John the Ripper in just a few seconds.  My own minimum user

> password length is 9, and my root PW on this machine is, lets just say,

> more than 20.  Same for the admin password on dd-wrt.  John would have to

> work till the universe runs down to find those, as every character added

> adds to the factorial on the difficulty. To illustrate, a 6 char PW is

> 6!=720. 9!=362880. and 20!=2.43290200818e+18, a rather large number.

>

> You have to make it expensive enough to crack your password that they get

> bored and go looking for easier targets.


My employer mandates a "three strikes and it's locked" policy on 
authentication attempts.  Now that I think about it, most web accounts I 
own do that as well.  Renders brute-force cracking tools a bit 
impractical.



--