Reply to post: Re: Human versus machine input

'Password rules are bullsh*t!' Stackoverflow Jeff's rage overflows

Roland6 Silver badge

Re: Human versus machine input

If the computer can brute-force test a dictionary against human passwords at it's own ever-growing speed, then the computer will win.

This exploit is facilitated through the blindness of 'security' people!

Two pieces of information:

iAPX432

Intel432@me.com

Which is the 'password' and which is the username?

When you think about it, both are really interchangeable, only convention dictates we encrypt one and not the other...

The point is with a dictionary attack, the first may be readily discovered, the second, at 15 characters will take a little time.... A little thought into the way we store credentials and the linkage between them can make attacks much more expensive.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2020