Password Security Questions 1. Give an example of a website implementing a polic
ID: 654541 • Letter: P
Question
Password Security
Questions
1. Give an example of a website implementing a policy that is designed to thwart dictionary-based attacks?
2. Of your list of passwords, how many were cracked? Was it surprising? If you didn't use the case permutation option, do you think that might have caused it to crack the password? In other words, is your password likely in the dictionaries but you have one or more case changes?
3. From an attacker's perspective, what is the problem with brute forcing?
4. From an end user's point of view, what is the problem with a long password?
5. Will the scan likely take the entire estimated time? Why or why not?
6. If the estimated time is more for secret1 than it was for secret, is it significantly longer? What does that say about the importance of password length?
7. Do the results so far imply anything about the importance of avoiding dictionary-based passwords?
8. How long is the estimated time? If it is in a notation you don
Explanation / Answer
1. http://user:password@www.example.com/login.htm
2. Yes, few of my passwords were cracked, since they were not case sensitive.
3. The biggest problem is that it is very hardware intensive.
4. It is very difficult to remember a long password.
5. Yes, it takes the entire estimated time because all possible passwords are generated and matched.
6. Password length should be longer to have more security.
7. There are some alternatives developed to it.
8. Estimated time is very small; it is equal to the spell checking in email.
9. It is likely that a password can be cracked using this method.
10. Yes, this is a good idea.
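An added example, not part of the original question or answer: a Python sketch of a sign-up policy check that rejects dictionary-based passwords even after case changes or appended digits (questions 1, 2 and 7), plus the brute-force keyspace comparison between `secret` and `secret1` (question 6). The wordlist, the 12-character minimum and all function names are assumptions made for illustration.

```python
import string

# Constructed sample wordlist; a real policy would load a large breached-password list.
SAMPLE_DICTIONARY = {"secret", "password", "dragon", "letmein"}

def charset_size(password):
    """Size of the smallest standard alphabet covering the password's characters."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)
    return size

def keyspace(password):
    """Number of candidates of exactly this length over that alphabet."""
    return charset_size(password) ** len(password)

def dictionary_core(password):
    """Fold case and strip leading/trailing digits and punctuation,
    which undoes the most common edits made to a dictionary word."""
    return password.lower().strip(string.digits + string.punctuation)

def policy_check(password, min_length=12):  # min_length is an assumed policy value
    """Return the reasons a password is rejected (empty list means accepted)."""
    reasons = []
    if len(password) < min_length:
        reasons.append("too short")
    if dictionary_core(password) in SAMPLE_DICTIONARY:
        reasons.append("dictionary word")
    return reasons

def growth_factor(shorter, longer):
    """How many times larger the exhaustive search space is for `longer`."""
    return keyspace(longer) / keyspace(shorter)

if __name__ == "__main__":
    for pw in ("secret", "Secret1", "SECRET", "tidal-crane-vowel-42"):
        print(f"{pw!r}: keyspace={keyspace(pw):.3e} rejected_for={policy_check(pw)}")
    print(f"secret -> secret1 grows the search space x{growth_factor('secret', 'secret1'):.0f}")
```

The keyspace figure only describes exhaustive search; a password whose core is in the wordlist is rejected regardless of how large that figure is.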