1 |
Neil Bothwick wrote: |
2 |
> On Mon, 04 Feb 2019 11:17:13 +0000, Mick wrote: |
3 |
> |
4 |
>>> https://xkcd.com/936/ |
5 |
>> Not strictly true ... the crackers would probably use rainbow tables |
6 |
>> attacks first. Also, it isn't fair to compare an 11 character passwd |
7 |
>> against a 25 character passwd. For the *same* number of characters |
8 |
>> used in any given passwd, a random lower/upper/numerical/symbol passwd |
9 |
>> will provide an exponentially higher degree of difficulty in cracking |
10 |
>> it with brute force, than one which uses only lower case dictionary |
11 |
>> words. Anyway, these days many attacks are focused on OS or hardware |
12 |
>> vulnerabilities which have been baked in by design, rather than brute |
13 |
>> force attacks. |
14 |
> I'm not sure xkcd is meant to be taken that seriously... |
15 |
> |
16 |
> |
17 |
|
18 |
|
19 |
Sort of picking a random message to reply to here. Someone sent a reply |
20 |
off list about checking passwords on my system with tools available. |
21 |
They also mentioned not trusting strength meters which I can get since |
22 |
they pass some obvious passwords. I used three meters and some sort of |
23 |
common sense as well. I found cracklib-check after some digging. I |
24 |
used that to try to check my password and get this weird response. |
25 |
|
26 |
-su: me-supper-secret-password-here;): event not found |
27 |
|
28 |
I'm going to try to emulate my password without actually posting it, for |
29 |
obvious reasons. You all are smart enough to understand why. ROFL It |
30 |
has some of the following 'stuff' in it. !sdER*ark4567# As you can |
31 |
tell, I use some of those things on the tops of the number keys. It |
32 |
seems that confuses cracklib just a bit. BTW, I was running that as |
33 |
root just to be sure it wasn't a permissions issue. I tried a few |
34 |
different things but it seems the "!" is triggering that at least, maybe |
35 |
others too. The command works fine with just normal stuff. That leads |
36 |
me to this question. Is there a tool I can use/install that will test a |
37 |
password, try to crack it if you will, that will work regardless of the |
38 |
characters used? In other words, it doesn't mind the things on top of |
39 |
the number keys. |
40 |
|
41 |
BTW, I've also whittled it down to something a little easier to type |
42 |
too. Feel sorry for any poor fool trying to just guess it. lol May |
43 |
have better luck with P vs NP. ;-) |
44 |
|
45 |
Thanks. |
46 |
|
47 |
Dale |
48 |
|
49 |
:-) :-) |