Invision Community 4: SEO, prepare for v5 and dormant account notifications Matt November 11, 2024Nov 11
Posted June 18, 201113 yr You should choose a strong password, between 3 and 32 characters Passwords of length 3 are not strong. Why is the minimum 3? And why is there a maximum?
June 18, 201113 yr "You should choose a strong password" It's saying you SHOULD use a strong password, but it needs to be between 3 and 32 characters either way..
June 18, 201113 yr Only a idiot will make a password 3 characters long :logik: What 123 isn't a good password? NEWS TO ME.. (but not really lol)
June 18, 201113 yr http://techland.time.com/2011/06/13/the-10-most-popular-iphone-passwords-starring-1234/ ;)
June 18, 201113 yr Passwords of length 3 are not strong. Why is the minimum 3? And why is there a maximum? 3 can be strong enough: yOU,HEr,hiM, (52 ^ 3 = 140,608 that is without the special characters) 32 is more than enough: 52 ^ 32= 8.1678 e+54
June 20, 201113 yr Author 3 can be strong enough: yOU,HEr,hiM, (52 ^ 3 = 140,608 that is without the special characters) Strong enough for what?
June 20, 201113 yr good thing my password is:password = 8 characters :) yep... that's 5 characters above the idiots choice of only three. I'm smaaaaaaaaaart :rofl:
June 20, 201113 yr Strong enough for what? To be a good password. Include the special characters such as - ,_ , @ , %, $, +,( ,) ,^ ,& , etC. and it's becoming even stronger. Use just 10 of them: 52+10=62 62^3 = 238,328h_E
June 27, 201113 yr To be a good password. Use just 10 of them: 52+10=62 62^3 = 238,328 h_E Not at all, I hashed a 4 character password: h_E@ Hash: b77ef9eb5ced73987987fb8846775f24 I then bruteforced it with my GPU using these characters: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~⌂ Starting from [ ] (4 spaces) Hash type: MD5, Hash: b77ef9eb5ced73987987fb8846775f24 Device #0: [GeForce 9600 GT] 1500.00 Mhz 48 SP Found password: [h_E@], HEX: 68 5f 45 40 Processed 92 274 688 passwords in 1s. Thus, 173 775 306 password(s) per second in average. I know IPB uses salts but if you have access to the hash then you'll almost always know the salt too.
June 27, 201113 yr Not at all, I hashed a 4 character password: h_E@ ... Processed 92 274 688 passwords in 1s. Thus, 173 775 306 password(s) per second in average. That's nice. Now is the time to try it on a live board. In less than 1 second, with good luck in less then one millisecond you should be able to login. Without good luck, such as the board has protection against repeated failed login attempts it can take a little longer. Sending the passwords through the Net,some time for the server to process them could take a few milliseconds as well...
June 27, 201113 yr That's nice. Now is the time to try it on a live board. In less than 1 second, with good luck in less then one millisecond you should be able to login. Without good luck, such as the board has protection against repeated failed login attempts it can take a little longer. Sending the passwords through the Net,some time for the server to process them could take a few milliseconds as well... And what if someone got their hand on a dump of the DB? We're back to 1 second.
June 28, 201113 yr And what if someone got their hand on a dump of the DB? We're back to 1 second. Perhaps they can see the content in less than a second because when their hand is on a dumped database they don't need a password.
July 23, 201113 yr Author Not really. But that's besides the point. The current limits are just silly and should be fixed.
July 23, 201113 yr I personally don't see an issue with this that requires "fixing". If you want your password longer than 3 characters, then make it longer. Nobody is forcing you to make it 3 characters. When they say "You should choose a strong password" they're merely suggesting it. I usually don't go beyond 20 characters when I create a password, so 32 seems like a fair amount if I wanted to go beyond 20+ characters IMO. It's not like I'm opening up a bank account or anything that requires me to come up with a password of more than 32 characters.
August 9, 201113 yr Not really. But that's besides the point. The current limits are just silly and should be fixed. I've fixed mine my self to this... Choose a strong password, between 8 and 32 characters. Hint: Including numbers and punctuation in a mixed case password will generally create a more secure password, which would be exponentially harder to recover using a brute force password discovery method.
April 13, 201212 yr I've fixed mine my self to this... Choose a strong password, between 8 and 32 characters. Hint: Including numbers and punctuation in a mixed case password will generally create a more secure password, which would be exponentially harder to recover using a brute force password discovery method. You've changed the language, but you haven't changed the actual complexity of the password requirement. If a user picked a 3-character password, it would still work. Unless of course you DID change the actual complexity of the password requirement. If that is the case, how did you do it?
April 13, 201212 yr Not really. But that's besides the point. The current limits are just silly and should be fixed.
April 13, 201212 yr Asked for this ages ago but it was ignored.http://community.inv...ost__p__2210552 What was ignored? The link you provided shows a nice looking mod that Adriano developed.
Archived
This topic is now archived and is closed to further replies.