comment on

The password is really bad, it can be found in every dictionary, and just adds one non-alphanumeric character.

A few years back i got into really hot water with some users. Instead of a fixed "3 numbers, 4 characters, one special character" type of passpord, the systems i developed started using a complexity score thing. Somewhat secure "random" passwords could get away with about 10 characters. Using things like part of the username, your real name and stuff like that would come with a steep penalty, requiring a much longer password.

Needless to say, some users were pissed about the fact that i "required a 40 character password" and that they "can't use their favourite password and refuse to remember a new one". Shame it's not in my power to fire people or force them to sit through a three week class on basic computer security.

perl -e 'use Crypt::Digest::SHA256 qw[sha256_hex]; print substr(sha256_hex("the Answer To Life, The Universe And Everything"), 6, 2), "\n";'

In reply to Re^6: Replacing crypt() for password login via a digest - looking for stronger alternative by cavac
in thread Replacing crypt() for password login via a digest - looking for stronger alternative by davebaker

Are you posting in the right place? Check out Where do I post X? to know for sure.
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
Want more info? How to link or How to display code and escape characters are good places to start.


Perl Monk, Perl Meditation
	PerlMonks