sordidarchetype wrote:-Ninjex- wrote:It's not a misconception that "L1quiiD-N!TroG3n" will be more secure than "bobjoe1", that is my argument.
If it wasn't more secure, we wouldn't have such a difficult time creating passwords for hts
I just checked with a few of my friends, and at least three of them have liiquid-nitrogen and liquiid-nitrogen in their dictionaries.
Just to put this in perspective, one of them ran a quick test against an md5 of L1quiiD-N!TroG3n using the new leetspeak rules and it fell within 10 minutes.
I figured that was worth mentioning.
Go compare that to the amount of dictionaries with "bobjoe1" now.
Also keep in mind with a large database dump via SQLi, the attacker would probably run plain text MD5 checks, and not use the leet ruleset.
Impossibility is never a factor. I am stating that if you do as said, it will be more secure. Your argument isn't based correctly. Any password can be cracked or reversed.