[WikiEN-l] Password checking

Larry Pieniazek lar at miltontrainworks.com
Tue May 8 17:30:56 UTC 2007


> Date: Tue, 8 May 2007 16:29:31 +0100
> From: geni <geniice at gmail.com>
> Subject: Re: [WikiEN-l] Feasible security idea for login? (was: Admin account cracker about to be run internally)
>
> So far every password testing website the IRC crew tested rated
> Password123456 as at least moderate.
> -- 
> geni

Try this checker

http://www.lugnet.com/people/members/pwsa/

It rates password123456 as weak and says why...

Appraisal:  Weak (FAIL)
Weaknesses:

    * Highly risky:
          o Numeric sequence 123456
          o Keyboard row sequence 123456
          o Keyboard neighbor sequence 123456
          o Ascending ASCII sequence 123456 
    * Mildly risky:
          o Absent of any special characters (non-alphanumeric)
          o Dictionary words: 123456, 12345, password, sword 
    * Slightly risky:
          o Character run ss
          o Absent of any capital letters A-Z
          o Numeric sequence 123456 (from 123456)
          o Numeric sequence 55 (from ss)
          o Dictionary words: 1234, 123, 234, 3456, asg (from 456), ass,
asw, diz (from d12), dize (from d123), drow (from word), eas (from 345),
easg (from 3456), ehs (from 345), ize (from 123), lze (from 123), ord, pas,
pass, rdi (from rd1), rdl (from rd1), rows (from swor), saez (from 2345),
shez (from 2345), ssap (from pass), ssw, swo, swor, wor, word, zea (from
234), zeh (from 234), zehs (from 2345) 

Estimate of overall strength: -609% 

That's not at all an acceptable rating from that checker and lugnet will not
let you use password123456 as a password unless you check a box saying that
you accept that it's sucky.

Todd might or might not be willing to share this code (it's not GFDL at this
time)... But there ARE better password checkers out there.

Larry Pieniazek
Work mail:   lpieniaz at us.ibm.com 
Hobby mail:  lar at miltontrainworks.com
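
An added sketch (not part of the original message, and not the LUGNET checker's code) of the kinds of checks the report above lists: ascending sequences, keyboard-row sequences, and dictionary words found as typed, after leet-decoding, or reversed. The word list, leet map, keyboard rows and the rule that any finding fails the password are assumptions made for illustration.

```python
# Added example: constructed word list and leet map, not the LUGNET checker's data.
WORDS = {"password", "sword", "pass", "word"}
LEET = str.maketrans("013457$@", "oieastsa")
KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

def _maximal_runs(text, linked, min_len=3):
    """Return maximal substrings in which every adjacent pair satisfies linked()."""
    found, start = [], 0
    for i in range(1, len(text) + 1):
        if i == len(text) or not linked(text[i - 1], text[i]):
            if i - start >= min_len:
                found.append(text[start:i])
            start = i
    return found

def ascending_runs(pw):
    """Runs such as 123456 or abc, where each code point is the previous plus one."""
    return _maximal_runs(pw, lambda a, b: ord(b) == ord(a) + 1)

def keyboard_row_runs(pw):
    """Runs that follow one keyboard row left to right, such as qwerty."""
    return _maximal_runs(pw.lower(), lambda a, b: any(a + b in row for row in KEY_ROWS))

def dictionary_hits(pw):
    """Map each word-list entry found to the form of the password it was found in."""
    low = pw.lower()
    forms = [("as typed", low), ("leet-decoded", low.translate(LEET)), ("reversed", low[::-1])]
    hits = {}
    for label, text in forms:
        for word in sorted(WORDS):
            if word in text:
                hits.setdefault(word, label)  # keep the first form that matched
    return hits

def appraise(pw):
    """Collect the weaknesses found; assumed policy: any finding fails the password."""
    findings = [f"ascending sequence {r}" for r in ascending_runs(pw)]
    findings += [f"keyboard row sequence {r}" for r in keyboard_row_runs(pw)]
    findings += [f"dictionary word {w} ({how})" for w, how in dictionary_hits(pw).items()]
    if not any(not c.isalnum() for c in pw):
        findings.append("no special characters")
    if not any(c.isupper() for c in pw):
        findings.append("no capital letters")
    return ("FAIL" if findings else "PASS", findings)

if __name__ == "__main__":
    for sample in ["password123456", "P@55w0rd", "drowssap"]:  # constructed inputs
        print(sample, appraise(sample))
```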




