[OWASP_PHPSEC] Dictionary Attack ?

Abbas Naderi abiusx at owasp.org
Sat Jun 1 05:52:12 UTC 2013


Well, it's not easy to detect that. Maybe the password is something that exists in common rainbow tables instead of dictionaries? We should thwart those too…
We should fight the issue objectively, not subjectively. We are not gonna let it get ill, then try to fix it. We shall vaccinate it (by complexity and entropy and strength).
-Abbas
On 11 Khordad 1392, at 10:09, rahul chaudhary <rahul300chaudhary400 at gmail.com> wrote:

> no no...what I was asking is that if user enters some password that is found in dictionary, then to thwart that....like if I keep password "abridge" or "denounce" or "queen" or "rats"...something like this...
> 
> 
> On Sat, Jun 1, 2013 at 1:23 AM, Abbas Naderi <abiusx at owasp.org> wrote:
> Yes,
> more entropy and using more character sets in the password. That's why we count them towards strength!
> -A
> On 11 Khordad 1392, at 7:43, rahul chaudhary <rahul300chaudhary400 at gmail.com> wrote:
> 
> > Hi...I am still searching for this, but I thought it would be faster if I ask it here.
> >
> > Do you know any way to stop dictionary attacks? We can keep a list of dictionary words and see if user-supplied password matches any of them. But other than this, do you suggest anything?
> >
> > --
> > Regards,
> > Rahul Chaudhary
> > Ph - 412-519-9634
> > _______________________________________________
> > OWASP_PHP_Security_Project mailing list
> > OWASP_PHP_Security_Project at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
> 
> 
> 
> 
> -- 
> Regards,
> Rahul Chaudhary
> Ph - 412-519-9634
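
The two checks discussed in this thread, side by side, as an added example that is not part of the original messages and is not OWASP PHPSEC code: a character-set entropy estimate and a dictionary lookup over normalized forms of the password. The function names, the 50-bit threshold, the substitution table and the four-word list (the words quoted in the thread) are assumptions made for illustration.

```php
<?php
// Added example. Assumes PHP 7+ and ASCII passwords (strlen counts bytes).

// Naive strength estimate: length * log2(size of the character sets in use).
function pool_entropy_bits(string $pw): float
{
    $pool = 0;
    if (preg_match('/[a-z]/', $pw)) $pool += 26;
    if (preg_match('/[A-Z]/', $pw)) $pool += 26;
    if (preg_match('/[0-9]/', $pw)) $pool += 10;
    if (preg_match('/[^a-zA-Z0-9]/', $pw)) $pool += 33; // printable ASCII symbols, space included
    return $pool > 0 ? strlen($pw) * log($pool, 2) : 0.0;
}

// Forms to look up: lowercased, stripped of leading/trailing non-letters, digit/symbol swaps undone.
function candidate_forms(string $pw): array
{
    $leet = ['0' => 'o', '1' => 'l', '3' => 'e', '4' => 'a', '5' => 's', '7' => 't', '@' => 'a', '$' => 's'];
    $lower = strtolower($pw);
    $trimmed = (string) preg_replace('/^[^a-z]+|[^a-z]+$/', '', $lower);
    return array_unique([$lower, $trimmed, strtr($lower, $leet), strtr($trimmed, $leet)]);
}

// $dictionary is a set stored as array keys (word => anything) for O(1) lookups.
function check_password(string $pw, array $dictionary, float $minBits = 50.0): array
{
    $hit = null;
    foreach (candidate_forms($pw) as $form) {
        if ($form !== '' && isset($dictionary[$form])) {
            $hit = $form;
            break;
        }
    }
    $bits = pool_entropy_bits($pw);
    return ['bits' => round($bits, 1), 'dictionary_word' => $hit, 'accept' => $hit === null && $bits >= $minBits];
}

$words = array_flip(['abridge', 'denounce', 'queen', 'rats']); // constructed sample list
foreach (['abridge', 'Denounce2013!', 'Qu33n!', 'tV9#kq2LmZx'] as $pw) { // constructed inputs
    $r = check_password($pw, $words);
    printf("%-14s %5.1f bits  dict=%-9s %s\n", $pw, $r['bits'], $r['dictionary_word'] ?? '-', $r['accept'] ? 'accept' : 'reject');
}
```

`Denounce2013!` uses all four character sets and clears the entropy threshold, so only the dictionary lookup rejects it; a real deployment would load a full word list and a breached-password list in place of the four sample words.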
