Re^2: Password Generation and Module Multiplication

Brute force attacks against a single password, granted.

But without complexity rules, a letter-only brute force attack or rainbow table attack against a list of hashed passwords will too easily pick off the lazy users. I'd assume the complexity rules are really designed to protect against this case.

--
A math joke: r = | |csc(θ)|+|sec(θ)|-||csc(θ)|-|sec(θ)|| |
Online Fortune Cookie Search
Office Space merchandise

Comment on Re^2: Password Generation and Module Multiplication

Replies are listed 'Best First'.
Re^3: Password Generation and Module Multiplication by locked_user sundialsvc4 (Abbot) on Nov 29, 2010 at 13:42 UTC
That, basically, is the case. The number-one most often used password is: `password`. Close behind them are: `enter, secret.` Nevertheless, it doesn’t work. Enforcing complex password-rules simply causes more passwords to be written down. When a system is broken into, it usually is not from “forcing” a password. There are too many “other” ways into a complex system.