RE: AOL passwords / crypt() and online brute forcing

From: Fab Siciliano (fsicilianoat_private)
Date: Wed May 01 2002 - 13:43:17 PDT

Next message: Vachon, Scott: "RE: SECURITY CAMERA WAR DRIVING"

Previous message: Vachon, Scott: "RE: Wlan @ bestbuy is cleartext?"
In reply to: gotcha: "Re: AOL passwords / crypt() and online brute forcing"
Next in thread: gotcha: "Re: AOL passwords / crypt() and online brute forcing"
Reply: gotcha: "Re: AOL passwords / crypt() and online brute forcing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

They can. The 1 is changing to a 2.

> -----Original Message-----
> From: gotcha [mailto:fmuat_private] 
> Sent: Wednesday, May 01, 2002 4:39 PM
> To: Erik Parker
> Cc: vuln-devat_private
> Subject: Re: AOL passwords / crypt() and online brute forcing
> 
> 
> On Wed, May 01, 2002 at 12:20:44PM -0500, Erik Parker wrote:
> > if you take the 94 displayable ascii characters.. and do 
> 94^8 you have 
> > a possible 6,095,689,385,410,816..  So about 6 quadrillion 
> passwords 
> > to try..
> 
> i think that's not the issue. the real problem is that people 
> think they can block access by changing a password from 
> foobar111 to foobar123.
> 
> --gotcha
>

Next message: Vachon, Scott: "RE: SECURITY CAMERA WAR DRIVING"
Previous message: Vachon, Scott: "RE: Wlan @ bestbuy is cleartext?"
In reply to: gotcha: "Re: AOL passwords / crypt() and online brute forcing"
Next in thread: gotcha: "Re: AOL passwords / crypt() and online brute forcing"
Reply: gotcha: "Re: AOL passwords / crypt() and online brute forcing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed May 01 2002 - 14:44:57 PDT