CnCNet Posted June 18, 2011 Share Posted June 18, 2011 You should choose a strong password, between 3 and 32 characters Passwords of length 3 are not strong. Why is the minimum 3? And why is there a maximum? Link to comment Share on other sites More sharing options...
Robulosity2 Posted June 18, 2011 Share Posted June 18, 2011 "You should choose a strong password" It's saying you SHOULD use a strong password, but it needs to be between 3 and 32 characters either way.. Link to comment Share on other sites More sharing options...
JahLion Posted June 18, 2011 Share Posted June 18, 2011 Only a idiot will make a password 3 characters long :logik: Link to comment Share on other sites More sharing options...
Robulosity2 Posted June 18, 2011 Share Posted June 18, 2011 Only a idiot will make a password 3 characters long :logik: What 123 isn't a good password? NEWS TO ME.. (but not really lol) Link to comment Share on other sites More sharing options...
Ikadon Posted June 18, 2011 Share Posted June 18, 2011 http://techland.time.com/2011/06/13/the-10-most-popular-iphone-passwords-starring-1234/ ;) Link to comment Share on other sites More sharing options...
Misi Posted June 18, 2011 Share Posted June 18, 2011 Passwords of length 3 are not strong. Why is the minimum 3? And why is there a maximum? 3 can be strong enough: yOU,HEr,hiM, (52 ^ 3 = 140,608 that is without the special characters) 32 is more than enough: 52 ^ 32= 8.1678 e+54 Link to comment Share on other sites More sharing options...
CnCNet Posted June 20, 2011 Author Share Posted June 20, 2011 3 can be strong enough: yOU,HEr,hiM, (52 ^ 3 = 140,608 that is without the special characters) Strong enough for what? Link to comment Share on other sites More sharing options...
Enkidu Posted June 20, 2011 Share Posted June 20, 2011 good thing my password is:password = 8 characters :) yep... that's 5 characters above the idiots choice of only three. I'm smaaaaaaaaaart :rofl: Link to comment Share on other sites More sharing options...
Misi Posted June 20, 2011 Share Posted June 20, 2011 Strong enough for what? To be a good password. Include the special characters such as - ,_ , @ , %, $, +,( ,) ,^ ,& , etC. and it's becoming even stronger. Use just 10 of them: 52+10=62 62^3 = 238,328h_E Link to comment Share on other sites More sharing options...
CnCNet Posted June 27, 2011 Author Share Posted June 27, 2011 It'd be nice if Invision could increase the (default) minimum. Link to comment Share on other sites More sharing options...
Sly_Ripper Posted June 27, 2011 Share Posted June 27, 2011 To be a good password. Use just 10 of them: 52+10=62 62^3 = 238,328 h_E Not at all, I hashed a 4 character password: h_E@ Hash: b77ef9eb5ced73987987fb8846775f24 I then bruteforced it with my GPU using these characters: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~⌂ Starting from [ ] (4 spaces) Hash type: MD5, Hash: b77ef9eb5ced73987987fb8846775f24 Device #0: [GeForce 9600 GT] 1500.00 Mhz 48 SP Found password: [h_E@], HEX: 68 5f 45 40 Processed 92 274 688 passwords in 1s. Thus, 173 775 306 password(s) per second in average. I know IPB uses salts but if you have access to the hash then you'll almost always know the salt too. Link to comment Share on other sites More sharing options...
TSilva Posted June 27, 2011 Share Posted June 27, 2011 Strong enough for what? To be cracked. :ninja: Strong as in likely. :rofl: Link to comment Share on other sites More sharing options...
Misi Posted June 27, 2011 Share Posted June 27, 2011 Not at all, I hashed a 4 character password: h_E@ ... Processed 92 274 688 passwords in 1s. Thus, 173 775 306 password(s) per second in average. That's nice. Now is the time to try it on a live board. In less than 1 second, with good luck in less then one millisecond you should be able to login. Without good luck, such as the board has protection against repeated failed login attempts it can take a little longer. Sending the passwords through the Net,some time for the server to process them could take a few milliseconds as well... Link to comment Share on other sites More sharing options...
Sly_Ripper Posted June 27, 2011 Share Posted June 27, 2011 That's nice. Now is the time to try it on a live board. In less than 1 second, with good luck in less then one millisecond you should be able to login. Without good luck, such as the board has protection against repeated failed login attempts it can take a little longer. Sending the passwords through the Net,some time for the server to process them could take a few milliseconds as well... And what if someone got their hand on a dump of the DB? We're back to 1 second. Link to comment Share on other sites More sharing options...
Misi Posted June 28, 2011 Share Posted June 28, 2011 And what if someone got their hand on a dump of the DB? We're back to 1 second. Perhaps they can see the content in less than a second because when their hand is on a dumped database they don't need a password. Link to comment Share on other sites More sharing options...
CnCNet Posted July 23, 2011 Author Share Posted July 23, 2011 Not really. But that's besides the point. The current limits are just silly and should be fixed. Link to comment Share on other sites More sharing options...
Chito Posted July 23, 2011 Share Posted July 23, 2011 I personally don't see an issue with this that requires "fixing". If you want your password longer than 3 characters, then make it longer. Nobody is forcing you to make it 3 characters. When they say "You should choose a strong password" they're merely suggesting it. I usually don't go beyond 20 characters when I create a password, so 32 seems like a fair amount if I wanted to go beyond 20+ characters IMO. It's not like I'm opening up a bank account or anything that requires me to come up with a password of more than 32 characters. Link to comment Share on other sites More sharing options...
JahLion Posted August 9, 2011 Share Posted August 9, 2011 Not really. But that's besides the point. The current limits are just silly and should be fixed. I've fixed mine my self to this... Choose a strong password, between 8 and 32 characters. Hint: Including numbers and punctuation in a mixed case password will generally create a more secure password, which would be exponentially harder to recover using a brute force password discovery method. Link to comment Share on other sites More sharing options...
Axel Wers Posted August 9, 2011 Share Posted August 9, 2011 Passwords should have at least 8 characters. Link to comment Share on other sites More sharing options...
KevinMc Posted April 13, 2012 Share Posted April 13, 2012 I've fixed mine my self to this... Choose a strong password, between 8 and 32 characters. Hint: Including numbers and punctuation in a mixed case password will generally create a more secure password, which would be exponentially harder to recover using a brute force password discovery method. You've changed the language, but you haven't changed the actual complexity of the password requirement. If a user picked a 3-character password, it would still work. Unless of course you DID change the actual complexity of the password requirement. If that is the case, how did you do it? Link to comment Share on other sites More sharing options...
texterted Posted April 13, 2012 Share Posted April 13, 2012 Asked for this ages ago but it was ignored. Link to comment Share on other sites More sharing options...
banichkasboza Posted April 13, 2012 Share Posted April 13, 2012 Not really. But that's besides the point. The current limits are just silly and should be fixed. Link to comment Share on other sites More sharing options...
KevinMc Posted April 13, 2012 Share Posted April 13, 2012 Asked for this ages ago but it was ignored.http://community.inv...ost__p__2210552 What was ignored? The link you provided shows a nice looking mod that Adriano developed. Link to comment Share on other sites More sharing options...
texterted Posted April 14, 2012 Share Posted April 14, 2012 I linked to a thread, not a post. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.