| 1 |
Neil Bothwick wrote: |
| 2 |
> On Mon, 04 Feb 2019 11:17:13 +0000, Mick wrote: |
| 3 |
> |
| 4 |
>>> https://xkcd.com/936/ |
| 5 |
>> Not strictly true ... the crackers would probably use rainbow tables |
| 6 |
>> attacks first. Also, it isn't fair to compare an 11 character passwd |
| 7 |
>> against a 25 character passwd. For the *same* number of characters |
| 8 |
>> used in any given passwd, a random lower/upper/numerical/symbol passwd |
| 9 |
>> will provide an exponentially higher degree of difficulty in cracking |
| 10 |
>> it with brute force, than one which uses only lower case dictionary |
| 11 |
>> words. Anyway, these days many attacks are focused on OS or hardware |
| 12 |
>> vulnerabilities which have been baked in by design, rather than brute |
| 13 |
>> force attacks. |
| 14 |
> I'm not sure xkcd is meant to be taken that seriously... |
| 15 |
> |
| 16 |
> |
| 17 |
|
| 18 |
|
| 19 |
Sort of picking a random message to reply to here. Someone sent a reply |
| 20 |
off list about checking passwords on my system with tools available. |
| 21 |
They also mentioned not trusting strength meters which I can get since |
| 22 |
they pass some obvious passwords. I used three meters and some sort of |
| 23 |
common sense as well. I found cracklib-check after some digging. I |
| 24 |
used that to try to check my password and get this weird response. |
| 25 |
|
| 26 |
-su: me-supper-secret-password-here;): event not found |
| 27 |
|
| 28 |
I'm going to try to emulate my password without actually posting it, for |
| 29 |
obvious reasons. You all are smart enough to understand why. ROFL It |
| 30 |
has some of the following 'stuff' in it. !sdER*ark4567# As you can |
| 31 |
tell, I use some of those things on the tops of the number keys. It |
| 32 |
seems that confuses cracklib just a bit. BTW, I was running that as |
| 33 |
root just to be sure it wasn't a permissions issue. I tried a few |
| 34 |
different things but it seems the "!" is triggering that at least, maybe |
| 35 |
others too. The command works fine with just normal stuff. That leads |
| 36 |
me to this question. Is there a tool I can use/install that will test a |
| 37 |
password, try to crack it if you will, that will work regardless of the |
| 38 |
characters used? In other words, it doesn't mind the things on top of |
| 39 |
the number keys. |
| 40 |
|
| 41 |
BTW, I've also whittled it down to something a little easier to type |
| 42 |
too. Feel sorry for any poor fool trying to just guess it. lol May |
| 43 |
have better luck with P vs NP. ;-) |
| 44 |
|
| 45 |
Thanks. |
| 46 |
|
| 47 |
Dale |
| 48 |
|
| 49 |
:-) :-) |
Archives