in reply to Re: regex elegance contest - validate a pw
in thread regex elegance contest - validate a pw

Contrary to what many people believe, putting such (arbitrary) conditions on the format of passwords actually makes it easier to crack them.

I suppose technically you are reducing the keyspace an attacker would need to attack to gain all passwords. The goal of something like this, though, isn't to try and make individual passwords harder to crack, but to limit the number of passwords an attacker can gain easily (he's not going to try the entire keyspace regardless, it's too big). You want to limit the effectiveness of dictionary attackers, where an attacker can gain 80% of your password list in half an hour because all your users use common words as their passwords.

Re: Re: Re: regex elegance contest - validate a pw
by CountZero (Bishop) on Feb 13, 2004 at 07:08 UTC
    Yes, I understand that, but the artificial --IMHO-- restrictions do not guarantee that common words are excluded, as probably most users will still use a common word, capitalize the first character and add a number at the end; or use their birthday or anything equally silly.

    CountZero

    "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law
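To make the exchange above concrete, here is an added example (not part of the original thread): a Python check showing that passwords built as "common word, capitalized, plus a number" satisfy a typical composition regex yet reduce to a dictionary word once normalized. The regex, the tiny wordlist and all function names are constructed for illustration.

```python
import re

# Constructed sample wordlist; a real deployment would load a large
# dictionary or breached-password list instead.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "summer", "letmein"}

# Assumed composition rule: 8+ characters with a lowercase letter,
# an uppercase letter and a digit.
COMPOSITION_RE = re.compile(r"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d).{8,}$")

# Undo common character substitutions before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def passes_composition(pw):
    """True if pw satisfies the format-only rule."""
    return COMPOSITION_RE.match(pw) is not None


def base_words(pw):
    """Candidate dictionary forms: lowercased, digit/symbol affixes
    stripped, and substitutions undone."""
    lowered = pw.lower()
    stripped = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", lowered)
    return {lowered, stripped, lowered.translate(LEET), stripped.translate(LEET)}


def is_dictionary_derived(pw):
    """True if any normalized form of pw is a common word."""
    return any(word in COMMON_WORDS for word in base_words(pw))


def audit(passwords):
    """Return (password, passes_rules, dictionary_derived) per input."""
    return [(pw, passes_composition(pw), is_dictionary_derived(pw))
            for pw in passwords]


if __name__ == "__main__":
    # Constructed sample passwords.
    samples = ["Password1", "Summer2004!", "P@ssw0rd99", "monkey", "tr0ub4dor&3Xq"]
    for row in audit(samples):
        print("%-14s rules=%-5s dictionary_derived=%s" % row)
```

A validator that only applies the regex accepts the first three samples; adding the normalized dictionary lookup is what rejects them.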