PHPBuilder.com, the best resource for PHP tutorials, templates, PHP manuals, content management systems, scripts, classes and more.

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices
Hiermenus
DatabaseJournal
Technology Jobs

IT
Developer
Internet News
Small Business
Personal Technology

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

Covalent Extends Apache 2.0 to Microsoft ASP.NET
ShopWorX - Support for Windows
PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
Network Risk Assessment
Full-Featured, Java-Based Apache GUI

Partners & Affiliates

Beginning Ajax with PHP: From Novice to Professional, Part 2
10 Tips That Every PHP Developer Should Know
In Case You Missed It...The Month of March 2007
A Practical Approach to Object-Relational Mapping in PHP
Strings & Text in PHP - The ABCs of PHP Part 5

Sr. Web Developer
mediabistro.com
US-NY-New York

Post A Job | Post A Resume

Comments for: jesus19990502

Message # 1013018:

Date: 08/21/02 17:04
By: Lee Profile
Subject: RE: Think like an Application Architect

Jon is, of course, correct -- dictionary attacks are very simple, highly effective exploits.

However, the pronouncable password should be -- as I noted -- be for one-time use only. Just give users a sunjump password to get in and then force them to change to a password with the necessary complexity to make dictionary attacks less of an issue.

Yes, this still leaves the site vulnerable if: 1) One knows a user who has just gotten one of these one-time passwords (or can see the usernames) 2) Runs dictionary attack when the password has not been yet changed.

Hole? Sure. But for the most part, pretty secure. You could add a layer of complexity by forcing the user to enter some other info to authenticate themselves, but that's getting a little out there.

Previous Message | Next Message

Comments:
re: pronouncable is important	Saint	05/15/03 17:56
RE: easy to remember gibberish	James	11/28/02 20:13
RE: See FIPS-181	tom	11/07/02 13:58
Big Mistake	gilhad	10/30/02 09:26
RE: Think like an Application Architect	Lee	08/21/02 17:04
easy to remember gibberish	Andrew Penry	07/27/02 19:39
RE: Think like an Application Architect	Jon Nadal	07/24/02 15:33
Think like an Application Architect	Lee	04/16/02 22:01
RE: Another possible access	Mike Marinescu	03/01/02 01:53
RE: See FIPS-181	mike	01/09/02 10:52
Question	Jeff Williams	12/20/01 22:05
Parse Error	Vijay Avarachen	11/26/01 06:45
RE: One (of many) alternative solution	Brian Clancey	08/23/01 16:49
RE: Another possible access	David Altherr	07/06/01 12:29
RE: One (of many) alternative solution	Hugh Bothwell	06/23/01 11:22
RE: html editor and courses	James Diss	06/07/01 07:39
How about alternate vowels & consonants?	Tom Westmacott	05/07/01 12:29
One (of many) alternative solution	Jack Healy	05/03/01 09:29
RE: Another possible access	Jeremy Weiskotten	04/19/01 18:59
html editor and courses	Marlon Benjamin	03/08/01 11:01
See FIPS-181	Andy	03/07/01 17:24
RE: Another possible access	Katie	03/02/01 19:19
RE: Insecurity.	Bill Canaday	02/26/01 15:12
RE: Insecurity.	Jay	02/21/01 11:26
RE: Insecurity.	Lance Sloan	02/08/01 15:56
RE: Insecurity.	Allen	02/03/01 11:49
RE: Another possible access	Martin Scheffler	01/11/01 06:17
RE: Insecurity.	Matt	12/15/00 17:50
Insecurity.	Michal Zajaczkowski	11/27/00 06:34
Another possible access	Tomas Krojzl	09/16/00 09:16
If you are looking for help, please post on the appropriate forum here. Your questions will be answered much more quickly. Add A Comment: Name: Email: Subject: Message: To reduce spam posts, messages are now manually approved You are not [logged in]. That means your account will not get credit for this post.

Comments for: jesus19990502

Add A Comment: