Subject: Re: security/10206 - proposed solution (concept)
To: Nino Dehne <>
From: Elad Efrat <>
List: tech-security
Date: 08/19/2005 11:32:31
Nino Dehne wrote:

> How about the ability to specify a regex that the password must match?

This would take even another step towards making brute-force a whole lot
easier with JtR, for example.

My own way would be to simply enforce the length and use some
brute-force detection to prevent the attacks. If an admin doesn't look at
the logs, it doesn't matter if you have 2 or 2000 failed login


Elad Efrat
PGP Key ID: 0x666EB914