To: for-q-clinton
If windows has a policy for 12 character password with uniqueness (letters, caps, special) and Linux has a policy set to only 8 character passwords, then they'd be about the same. So now you're changing the comparison? I was comparing the same length passwords between the two, and showing what the increase would be if Windows just salted their passwords.
415 posted on
08/30/2005 7:56:55 AM PDT by
ShadowAce
(Linux -- The Ultimate Windows Service Pack)
To: ShadowAce
Nope not changing. Just applying a good administrator. So in the end the Linux user experience would be better because he only needs an 8 character password vs. a windows 12 character password. That's something to be happy about. Users hate long passwords.
Having said that, it doesn't make that much of a difference based on the way Rainbow Crack works (based on my limited read of the tool). Bascially you customize the hash table to the password policy in affect. So if you know the password is 8 characters and the salt is 4. And you know it must have caps and lower case. Then your hash table gens up hashs based on that info.
417 posted on
08/30/2005 8:01:36 AM PDT by
for-q-clinton
(If at first you don't succeed keep on sucking until you do succeed)
To: ShadowAce
Keep in mind antiRepublicrat said Linux wasn't vulnerable to Rainbow Crack brute force attack because it used salting. My point was to show that it is vulnerable. Not that Windows is better.
420 posted on
08/30/2005 8:05:12 AM PDT by
for-q-clinton
(If at first you don't succeed keep on sucking until you do succeed)
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson