On 12/16/05, geni geniice@gmail.com wrote:
On 12/15/05, Neil Harris usenet@tonal.clara.co.uk wrote:
It would probably make sense to check for zero-length passwords at account creation time, and to scan for zero length and other trivial passwords on existing accounts, if possible, and issue a warning that they will be locked if the user does not change their password after (say) a month.
Due to the way they are stored in the database this may not be posible.
-- geni
There's only one null string. For a given account's salt, you could easily try hashing the null string with that salt.
Nathan