Timeline for philosophical: restricting the password space increases security
Current License: CC BY-SA 3.0
12 events
when | what | by | license | comment | |
---|---|---|---|---|---|
Aug 2, 2018 at 12:31 | answer | added | Tom | timeline score: 0 | |
Mar 20, 2016 at 16:28 | vote | accept | pavlak11 | ||
Mar 19, 2016 at 12:19 | comment | added | user49075 | There is a password with a good reason for not being allowed: the empty string. That way, if the password field is left empty, then the provided "username" should not be stored. | |
Mar 19, 2016 at 2:37 | comment | added | Neil Smithline | The second scheme can produce passwords like 'pass12'. A top 250 password. Very bad. | |
Mar 18, 2016 at 22:34 | comment | added | Stack Exchange Supports Israel | The average entropy decreases, but the entropy of the weakest passwords may increase. | |
Mar 18, 2016 at 21:15 | history | tweeted | twitter.com/StackSecurity/status/710937691152633857 | ||
Mar 18, 2016 at 20:53 | comment | added | Jeff Meden | Guaranteeing that a password has chars from both groups does nothing to resist brute forcing attacks. If the attackers are brute forcing and try the all numbers first, then all letters first, then the rest, they are simply ordering the way they exhaust the password space, not making it any easier to get to the end (which statistically is the only point). Why not just use the first method and throw away any output that doesn't have at least 2 letters and at least 2 numbers? | |
Mar 18, 2016 at 18:55 | answer | added | TTT | timeline score: 15 | |
Mar 18, 2016 at 18:19 | answer | added | Mike Ounsworth | timeline score: 11 | |
Mar 18, 2016 at 18:18 | comment | added | AdHominem | The second scheme will not be more resilient to brute force than the first one, it just ensures that users won't be able to get really bad ones. If the implementation is leaked it would even be magnitudes easier to brute force. Guaranteeing that a password has at least x of a certain type has to be a property of the char set, not a decision. | |
Mar 18, 2016 at 18:11 | review | First posts | |||
Mar 18, 2016 at 18:23 | |||||
Mar 18, 2016 at 18:08 | history | asked | pavlak11 | CC BY-SA 3.0 |