[unisog] [Fwd: Is the current password std flawed?]

Clark Gaylord cgaylord at cns.vt.edu
Fri Feb 25 16:01:38 GMT 2005


BACHAND, Dave (Info. Tech. Services) wrote:

>forcing a complex password, a dictionary attack should fail.  Also since
>the potential hacker can't know what type of character is in each
>position, I would think that a brute force attack would have to include
>  
>
Are you kidding?  The character subsets that we draconianly impose on 
users are tacked onto the end of the string.  Don't allow dictionary and 
trivial permutations of dictionary and take the rest into user education.

--ckg



More information about the unisog mailing list