theor.: add stylistical fixes
This commit is contained in:
parent
721b704457
commit
578db2c789
@ -105,7 +105,7 @@ passwords~\cite{rockyou},~\cite{plaintextpasswds1},~\cite{plaintextpasswds2},~\c
|
||||
|
||||
So while a service might not be storing passwords in \emph{plain text}, which
|
||||
is a good practice, using a hashing function not designed to protect passwords
|
||||
does not offer much additional protection in the case of weak passwords, which
|
||||
does not offer much additional protection in case of weak passwords, which
|
||||
happen to be the ones that are the most commonly used.
|
||||
|
||||
It would seem only logical that a service that is not using cryptographic
|
||||
@ -251,13 +251,12 @@ creating strong passwords directly, most users first try a basic version and
|
||||
then keep tweaking characters until the password ends up fulfilling the minimum
|
||||
requirement.
|
||||
|
||||
The \emph{problem} with it is that it has been shown, that people use similar
|
||||
patterns, i.e.\ starting with capital letters, putting a symbol last and a
|
||||
number in the last two positions. This is also known to people cracking the
|
||||
password hashes and they run their dictionary attacks using the common
|
||||
substitutions, such as ``\$'' for ``s'', ``E'' for ``3'', ``1'' for ``l'',
|
||||
``@'' for ``a''
|
||||
etc.~\cite{megatron},~\cite{hashcracking},~\cite{hashcracking2}. It is safe to
|
||||
The \emph{problem} is that that people use similar patterns, i.e.\ starting
|
||||
with capital letters, putting a symbol last and a number in the last two
|
||||
positions. This is also known to people cracking the password hashes and they
|
||||
run their dictionary attacks using the common substitutions, such as ``\$'' for
|
||||
``s'', ``E'' for ``3'', ``1'' for ``l'', ``@'' for ``a''
|
||||
etc.~\cite{hashcracking},~\cite{hashcracking2},~\cite{megatron}. It is safe to
|
||||
expect that the password created in this manner will almost certainly be bad,
|
||||
and the only achievement was to frustrate the user in order to still arrive at
|
||||
a bad password.
|
||||
|
Reference in New Issue
Block a user