I don't see what's so bad about the password 32ratatata.
That's because you're not looking at the type of cracking techniques that are commonly used (sadly the info's mostly only available through commercial monitoring services, but you can make fairly educated guesses based on what you would try). Adding on 2 numbers to the beginning or ending of a short (particularly lowercase) string is an extremely common style of password creation. Looking at a 2n3a (2 numbers, 3 lowercase alpha) password we get 10 * 10 * 26 * 26 * 26 or (1 757 600) possible solutions. This sounds like a lot, but it isn't. If someone got access to the password file, and tried that structure it would be trival to crack.
Now consider a password that instead of the 2 numbers, uses 2 extra letters that can be either uppercase or lowercase: (52 * 52 * 52 * 52 * 52) (~380 million). Still not great, but a lot better. Now consider making it alpha (u and l), numeric, and throw in some punctuation (problems memorizing passwords can be reduced with a minimal cost to security by generating them in memorable formats such as Til8iB3@pm - also implement a system where the user has to enter the password at certain reducing intervals (5 min, 1 hour, 6 hours...) after receiving it, it greatly helps)
Now I babbled on and forgot what I was talking about in the first place! Sorry for taking up so much space, hope someone finds it moderately useful! ;-)
In reply to Re: Re: Minimal password check, again
by Anonymous Monk
in thread Minimal password check, again
by bronto
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |