|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Robin Wood (dninja
gmail.com)
Date: Tue Jun 03 2008 - 11:08:02 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
2008/6/3 Martin O'Neal <martin.onealcorsaire.com>:
>
>> It didn't help that the password was only 5
>> characters!
>
> That may not actually be such a bad password (on balance and in
> context). Sure it is a dictionary/leet word variant, but five
> characters actually carry plenty of entropy (if mixed case and numerics
> are also used). However, if you have an authentication mechanism that
> doesn't lock out an account and *allows* brute forcing, it doesn't
> really matter how strong the password is; given enough
> universe-lifetimes an attacker will always guess it eventually.
Trust me, it is a VERY bad password in these circumstances!
Robin
-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]