1
0

theor.: add stylistical fixes

This commit is contained in:
surtur 2023-08-23 20:14:17 +02:00
parent 721b704457
commit 578db2c789
Signed by: wanderer
SSH Key Fingerprint: SHA256:MdCZyJ2sHLltrLBp0xQO0O1qTW9BT/xl5nXkDvhlMCI

@ -105,7 +105,7 @@ passwords~\cite{rockyou},~\cite{plaintextpasswds1},~\cite{plaintextpasswds2},~\c
So while a service might not be storing passwords in \emph{plain text}, which
is a good practice, using a hashing function not designed to protect passwords
does not offer much additional protection in the case of weak passwords, which
does not offer much additional protection in case of weak passwords, which
happen to be the ones that are the most commonly used.
It would seem only logical that a service that is not using cryptographic
@ -251,13 +251,12 @@ creating strong passwords directly, most users first try a basic version and
then keep tweaking characters until the password ends up fulfilling the minimum
requirement.
The \emph{problem} with it is that it has been shown, that people use similar
patterns, i.e.\ starting with capital letters, putting a symbol last and a
number in the last two positions. This is also known to people cracking the
password hashes and they run their dictionary attacks using the common
substitutions, such as ``\$'' for ``s'', ``E'' for ``3'', ``1'' for ``l'',
``@'' for ``a''
etc.~\cite{megatron},~\cite{hashcracking},~\cite{hashcracking2}. It is safe to
The \emph{problem} is that that people use similar patterns, i.e.\ starting
with capital letters, putting a symbol last and a number in the last two
positions. This is also known to people cracking the password hashes and they
run their dictionary attacks using the common substitutions, such as ``\$'' for
``s'', ``E'' for ``3'', ``1'' for ``l'', ``@'' for ``a''
etc.~\cite{hashcracking},~\cite{hashcracking2},~\cite{megatron}. It is safe to
expect that the password created in this manner will almost certainly be bad,
and the only achievement was to frustrate the user in order to still arrive at
a bad password.