Re: AOL passwords / crypt() and online brute forcing

From: Muhammad Faisal Rauf Danka (mfrdat_private)
Date: Wed May 01 2002 - 15:29:08 PDT


    One thing is for sure: NO, it does not make the cracking process any easier, because most people don't keep passwords longer than 8 characters, and besides, this is not hash cracking or anything like that. The cracker will not have the hash of the original password. The TCP lag will also be included in the time taken by the cracking process, which multiplies the time period by the number of attempts made to try one password. Sounds a bit cryptic? Well, there are 26 letters and 10 digits; letters come in two forms, upper case and lower case, which makes 26 * 2 + 10 = 62, and this number is 62 if I am not including other displayable characters like ?#%$% etc.
    Let's say AOL only accepts lower case, upper case and digits; then it makes sense that an 8-letter password will be comprised of characters in a range of 62 characters, RIGHT? That makes it 62 ^ 8.
    
    and 62 ^ 8 = 218340105584896 .
    
    So it will take a cracker 218340105584896 attempts in order to be able to crack your password.
    
    Note: other characters are not included yet (for the reason that I don't have access to AOL at the moment, so I don't know whether they do or do not allow other displayable characters).
    
    So 218340105584896 is really a large number of attempts.
    Let's say one attempt takes around 5 seconds, since the connection lags and for all the rest of the internetworking reasons (maybe the AOL firewall will cut you off for repeated attempts and all). Anyway,
    it makes 43668021116979.2 seconds to attempt 218340105584896 combinations on an AOL account, approximately 1403935.86410041152263374485596708 years to crack it. *HMMM* sounds impossible.
    So relax and chill, and yeah, you could probably ask AOL whether this is a known feature, or whether they were informed about this functionality and it was left alone since maybe people might forget passwords more than 8 characters in length? Or what?
    
    
    
    
    Regards, 
    ---------
    Muhammad Faisal Rauf Danka
    
    Chief Technology Officer
    Gem Internet Services (Pvt) Ltd.
    web: www.gem.net.pk
    voice: 92-021-111-GEMNET
    
    Chief Security Analyst
    Applied Technology Research Center (ATRC)
    web: www.atrc.net.pk
    voice: 92-021-4548323, 92-021-4546077
    
    "Great is the Art of beginning, but Greater is the Art of ending. "
    
    ------BEGIN GEEK CODE BLOCK----
    Version: 3.1
    GCS/CM/P/TW d- s: !a C++ B@ L$ S$ U+++ 
    P+ L+++ E--- W+ N+ o+ K- w-- O- PS PE- Y- 
    PGP+ t+ X R tv+ b++ DI+ D G e++ h! r+ y+
    ------END GEEK CODE BLOCK------
    
    
    > Jacob McMaster (jmcmasterat_private) JM wrote today:
    
    > I don't know if anyone has said this but, AOL allows you to use a 8+
    > character password, but when signing in it will only check the first 8
    > character and then it doesn't matter if you type the rest of the password or
    > type the rest of it wrong it will let you in that account.  Also their
    > access to your email via the web, it will actually tell you its the wrong
    > password if your password is over 8 characters and you type the whole thing
    > in, you have to type only the 1st 8 characters to get into it.  Not sure
    > this is a major issue, but would make the cracking process easier for
    > someone if they know there is a max of 8 characters needed.
    
    
    
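The keyspace arithmetic from the message above, as an added example that is not part of the original post or of anything AOL ships: it computes 62^8 and the time to exhaust it at the post's assumed 5 seconds per online attempt, shows that a verifier which compares only the first 8 characters caps the attacker's work at 62^8 no matter how long the password is, and runs a tiny brute force against a toy model of such a verifier. The alphabets, the rate, the `truncating_verify` model and the secret are all constructed assumptions for illustration.

```python
"""Added example (not part of the original post): the keyspace arithmetic for
the 8-character truncation discussed in this thread, and a toy model of a
verifier that compares only the first 8 characters. Rates, alphabets and the
model itself are assumptions for illustration, not AOL's or crypt()'s code."""
import string
from itertools import product
from typing import Callable, Optional, Tuple

ALNUM = string.ascii_letters + string.digits   # 62 symbols, as in the post
PRINTABLE = ALNUM + string.punctuation         # 94 symbols (assumed superset)
TRUNCATION = 8                                 # chars the legacy verifier compares
SECONDS_PER_YEAR = 365 * 24 * 3600


def keyspace(alphabet_size: int, length: int, truncate_at: Optional[int] = None) -> int:
    """Candidates an attacker must consider for a password of the given length.
    If the verifier truncates at `truncate_at`, characters past that point are
    never compared, so the effective length is min(length, truncate_at)."""
    effective = length if truncate_at is None else min(length, truncate_at)
    return alphabet_size ** effective


def seconds_to_exhaust(space: int, seconds_per_attempt: float) -> float:
    """Worst case: every candidate is tried. Expected time is about half this."""
    return space * seconds_per_attempt


def years(seconds: float) -> float:
    return seconds / SECONDS_PER_YEAR


def truncating_verify(stored: str, supplied: str, n: int = TRUNCATION) -> bool:
    """Toy model (assumption) of the sign-in behaviour the quoted message
    reports: only the first n characters are compared, so a wrong tail passes."""
    return stored[:n] == supplied[:n]


def strict_verify(stored: str, supplied: str) -> bool:
    """The behaviour the quoted message reports for webmail: the whole string
    must match, so typing only the first 8 characters is rejected."""
    return stored == supplied


def brute_force(verify: Callable[[str], bool], alphabet: str,
                max_len: int) -> Tuple[Optional[str], int]:
    """Exhaustive online-style search, shortest candidates first, counting attempts."""
    attempts = 0
    for length in range(1, max_len + 1):
        for cand in product(alphabet, repeat=length):
            attempts += 1
            guess = "".join(cand)
            if verify(guess):
                return guess, attempts
    return None, attempts


if __name__ == "__main__":
    # The post's figures: 62 symbols, 8 positions, 5 s per online attempt (assumed).
    space = keyspace(len(ALNUM), 8)
    print(f"62^8 = {space}")                                        # 218340105584896
    print(f"at 5 s/attempt: {years(seconds_to_exhaust(space, 5)):.0f} years worst case")
    # Truncation caps the work: a 12-char password costs no more than an 8-char one.
    print(keyspace(len(ALNUM), 12, truncate_at=TRUNCATION) == space)  # True

    # Constructed demo of why truncation matters: alphabet "ab", 12-char secret.
    secret = "ab" * 6
    print(brute_force(lambda g: truncating_verify(secret, g, n=4), "ab", 12))  # ('abab', 20)
    print(brute_force(lambda g: strict_verify(secret, g), "ab", 12))           # ('abababababab', 5460)
```

The time figure is multiplicative (keyspace times seconds per attempt), and the 5-second rate is the post's own guess for a lagging online login, so change it to match whatever rate limiting the real target enforces. The brute-force demo uses a two-symbol alphabet only so that it finishes instantly; the point it makes is the same at 62 symbols: once the verifier stops comparing past position n, everything the user typed beyond it buys no security.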



    This archive was generated by hypermail 2b30 : Wed May 01 2002 - 16:36:49 PDT