Subject: Re: why not use "an all-lower case password"
To: None <netbsd-help@netbsd.org>
From: Jeremy C. Reed <reed@reedmedia.net>
List: netbsd-help
Date: 04/07/2001 21:59:42
> > that the password was composed of letters only?  Why should all-
> > lower case be any less secure than a mixture of upper and lower, with
> > or without digits?
> 
> Some can attempt to break your passwords by trying a series of possible
> patterns like: "aaaaaaaa" ... "aaaaaaab" ... "zzzzzzzz". (Usually DES
> implementations only recognize or use the first eight characters.) I think
> this is 26^8. (There will be more than that because you have to consider
> all the passwords from length one to seven also.) I wrote a perl script
> that is trying possible patterns (a-z) -- it is taking a while...
> 
> This would take a long time, but a lot less than if you had used more
> characters.

Not that it really matters or I really care, but before I turn off my AMD
K6-2 400 workstation (so I can have a needed day off), I just noticed that
a simple perl script is working away trying every possible combination of
eight-character plain-text passwords (ignoring the possibility of
passwords with fewer than eight characters!).

I had started it on Monday when I wrote the previous message. It is at
number 154431840368 and the TIME is 110.9H (number of system and user cpu
seconds that the process has used).

   Jeremy C. Reed
   http://www.reedmedia.net/
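
The keyspace arithmetic from the thread, as an added example that is not part of the original message and is not the author's perl script. It assumes the quoted number is the count of candidates tried and that "110.9H" is CPU hours; the alphabet labels and function names are illustrative.

```python
"""Keyspace sizes for passwords of up to 8 characters, with the CPU time
needed to exhaust them at the rate implied by the numbers in the post."""

# Values quoted in the post. Assumption: the "number" is the count of
# candidates tried so far, and TIME 110.9H is CPU hours consumed.
CANDIDATES_TRIED = 154_431_840_368
CPU_HOURS = 110.9

# Alphabet sizes to compare (labels are illustrative).
ALPHABETS = {
    "a-z": 26,
    "a-zA-Z": 52,
    "a-zA-Z0-9": 62,
    "printable ASCII": 95,
}


def keyspace(alphabet_size, min_len, max_len):
    """Number of distinct strings with length in [min_len, max_len]."""
    if alphabet_size < 1 or min_len < 1 or max_len < min_len:
        raise ValueError("need alphabet_size >= 1 and 1 <= min_len <= max_len")
    return sum(alphabet_size ** n for n in range(min_len, max_len + 1))


def observed_rate():
    """Candidates per CPU second implied by the post's two numbers."""
    return CANDIDATES_TRIED / (CPU_HOURS * 3600)


def hours_to_exhaust(alphabet_size, min_len=1, max_len=8, rate=None):
    """CPU hours to try every candidate at `rate` (default: observed rate)."""
    rate = observed_rate() if rate is None else rate
    return keyspace(alphabet_size, min_len, max_len) / rate / 3600


def report():
    """One (label, candidates, cpu_hours) row per alphabet, lengths 1 to 8."""
    return [(label, keyspace(size, 1, 8), hours_to_exhaust(size))
            for label, size in ALPHABETS.items()]


if __name__ == "__main__":
    print(f"rate: {observed_rate():,.0f} candidates per CPU second")
    for label, total, hours in report():
        print(f"{label:16} {total:>22,} candidates {hours / 24:>16,.1f} CPU days")
```

At the post's rate the eight-character a-z space finishes in about 150 CPU hours, while each wider alphabet multiplies that by the ratio of the keyspaces.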