On Fri, Jun 08, 2001 at 12:37:34AM -0700, Peter Ajamian wrote: [snip] > computer. A new 1ghz computer could easily crank out 6 char passwords in > mere seconds, 8 char passwords in a few hours, and a 10 char password > probably in a week to a month or better. crypt() passwords are never more than 8 characters - anything beyond 8 characters is discarded. [snip] > Possible Workarounds: > > Do not use the Crypt-PW authentication-scheme. Instead use the MAIL_FROM > or PGP scheme instead. MAIL_FROM is even less secure than CRYPT-PW. Use PGP :) > If you must use CRYPT-PW then the following suggestions are recommended: > - Password should be at least 10 characters in length. Again, anything over 8 is useless. All in all NetSol still hasn't learned. Greetz, Peter.
This archive was generated by hypermail 2b30 : Sun Jun 10 2001 - 16:21:39 PDT