Re: Re: regex elegance contest


Perl Monk, Perl Meditation
	PerlMonks

Re: Re: regex elegance contest - validate a pw

by mutated (Monk)

on Feb 12, 2004 at 15:54 UTC ( [id://328588]=note: print w/replies, xml )

Need Help??

in reply to Re: regex elegance contest - validate a pw
in thread regex elegance contest - validate a pw

Contrary to what many people believe, putting such (arbitrary) conditions on the format of passwords actually makes it easier to crack them.

I suppose technically you are reducing the keyspace an attacker would need to attack the gain all passwords. The goal of something like this though isn't to try and make individual passwords harder to crack, but to limit the amount of passwords and attacker can gain easily (He's not going to try the entire keyspace regardless, it's to big). You want to limit the effectiveness of dictionary attackers, where an attacker can gain 80% of your password list in half an hour because all your users use common words as their passwords.

Comment on Re: Re: regex elegance contest - validate a pw

Replies are listed 'Best First'.
Re: Re: Re: regex elegance contest - validate a pw by CountZero (Bishop) on Feb 13, 2004 at 07:08 UTC
Yes I understand that, but the artificial --IMHO-- restrictions do not guarantee that common words are excluded as probably most users will still use a common word, capitalize the first character and add a number at the end; or use their birthday or anything equally silly. CountZero "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law	[reply]

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://328588]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others musing on the Monastery: (7)

As of 2024-04-23 15:35 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found