Secure Passwords


SomeoneE1se

I was thinking, and not knowing too much about how password cracking works, I thought I'd ask and see if anyone knew more about this...

I don't use Hotmail anymore, but I did at one point, and if I remember correctly the minimum password length is 6 characters. But because people don't like to remember long passwords they would make it as small as they could get away with, i.e. 6. So if you were trying to brute force a password like that, shouldn't you start with only passwords at 6 characters long, making the password less secure to brute forcing, where you'd have to start with 1 character and go from there?

Or do I have no idea what I'm talking about and am just talking out my ass?

(I'm not targeting Hotmail, it's just the first thing that came to mind when I thought of making passwords have a minimum length)

[edited for spelling]

Password cracking is not the same as (but is similar to) a password dictionary or brute force attack. Password cracking is where you get the hash of a password, then see if you can regenerate the same hash using the same algorithm used to generate the stolen hash.

What you described (in the Hotmail example) is password brute forcing, where you know the probable length of the password and you know that it's probably an actual word. The problem of course with this is that after so many failed login attempts, the server will deny access for 30 minutes or whatever it's set to. So brute forcing a Hotmail password is fundamentally flawed in that it would take an incredibly long time, since every three failed passwords you have to wait 30 minutes to try another three.

No, I get that cracking passwords from a hash and everything...

and I'm not thinking of this from a usability standpoint..

but is it not a better idea to make the password accept anything (instead of having a minimum length) to protect from a brute force attack?

i.e. if I was going to brute force something, making a minimum password length only saves me from trying a, b, c.... aa, ab, ac.... zzzzz, zzzz0, zzzz1... therefore for someone who was going to pick a password from 6-* chars anyway it only makes it easier for me to get the right one sooner?
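
The keyspace arithmetic behind the question in this thread, as an added example that is not part of any post: it counts how much of the search space a minimum length of 6 actually removes, and how long exhausting the 6-character space would take against a login with lockout. The 36-symbol alphabet (a-z, 0-9) and the function names are assumptions; the 3 guesses per 30 minutes figure is the one given in the reply above.

```python
from fractions import Fraction

# Assumptions (not stated as policy anywhere in the thread): a-z plus 0-9
# alphabet, and a lockout of 3 guesses per 30-minute window as in the reply.
ALPHABET = 36
MINUTES_PER_YEAR = 60 * 24 * 365


def keyspace(alphabet: int, min_len: int, max_len: int) -> int:
    """Count every candidate password with min_len <= length <= max_len."""
    if min_len < 1 or max_len < min_len:
        raise ValueError("need 1 <= min_len <= max_len")
    return sum(alphabet ** n for n in range(min_len, max_len + 1))


def share_ruled_out(alphabet: int, min_len: int, max_len: int) -> Fraction:
    """Fraction of the 1..max_len keyspace that a minimum length removes."""
    if min_len <= 1:
        return Fraction(0)
    return Fraction(keyspace(alphabet, 1, min_len - 1),
                    keyspace(alphabet, 1, max_len))


def years_online(candidates: int, per_window: int = 3,
                 window_minutes: int = 30) -> float:
    """Worst-case years to try every candidate against a login with lockout."""
    windows = -(-candidates // per_window)  # ceiling division
    return windows * window_minutes / MINUTES_PER_YEAR


if __name__ == "__main__":
    for max_len in (6, 8, 10):
        share = share_ruled_out(ALPHABET, 6, max_len)
        print(f"max length {max_len}: minimum of 6 removes "
              f"{float(share):.6%} of the search space")
    print(f"exactly 6 chars, online with lockout: "
          f"{years_online(keyspace(ALPHABET, 6, 6)):,.0f} years worst case")
```

Each extra character multiplies the count by the alphabet size, so all lengths below the minimum together are a small slice of the total.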
