ChicagoVPS Solus not letting me set a secure root password? - Page 2

Comments

  • @Aldryic said: Nosir. The cyrillic 'o' and the asterisk have the same entropy.

    Uhh... adding additional character sets increases the possibilities. Latin characters, symbols, Cyrillic characters, etc. So "four Russian words with an asterisk" is higher entropy than "four Russian words". The problem is, as you said, finding the sets you need to use, but... that doesn't mean they're "the same".

  • rds100 Member

    Inserting cyrillic characters in passwords has problems though... not every terminal has cyrillic support.

  • Aldryic Member

    @DimeCadmium said: So "four Russian words with an asterisk" is higher entropy than "four Russian words".

    That's not how entropy works. Each character's entropy is dependent on its position and charset. Cyrillic, which falls into the 'all ASCII' category, has the same entropy value as the asterisk you're replacing it with (also from the same 'all ASCII' category).

    End result: Same entropy value, harder password for you to remember.

  • antiven Member
    edited May 2012

    Never mind, entropy vs. key space.

  • Aldryic Member

    @antiven - cyrillic is not a 'charset'. Symbols are not a 'charset'. Both the cyrillic д and the symbol * have a value between 4 and ~8,5 bits for entropy, dependent on position. Swapping a cyrillic character for an asterisk does not increase entropy value, period.

    Folks, please do some actual research on how entropy works before making assumptions. There are few things as irritating as this particular argument, ESPECIALLY for folks that are professionally trained in the field (and not just making guesses based on 'common knowledge' and 20 minutes on wikipedia) that have to consistently correct false assumptions. Passwords are situational, and a password with higher entropy is not necessarily 'more secure' than a different password with a lower entropic value. Nor does high entropy automatically mean good security, which is the confusion that you are making.

  • antiven Member

    Never mind, entropy vs. key space.

  • pcan Member

    I guess that SolusVM does not allow to enter symbols because it may lead to inability to enter the password using the KVM VNC console. SolusVM does not have the option to select a custom (international) keymap switch for qemu. If you have a non-USA keyboard and try to use the SolusVM VNC console, most of the symbol keys are dead.

  • CVPS_Chris Member, Patron Provider

    Point is ChicagoVPS is the best.

  • DimeCadmium Member
    edited May 2012

    @Aldryic said: That's not how entropy works. Each character's entropy is dependent on its position and charset. Cyrillic, which falls into the 'all ASCII' category, has the same entropy value as the asterisk you're replacing it with (also from the same 'all ASCII' category).

    Uhh... who says Cyrillic falls into the 'all ASCII' category? (I know exactly how entropy works - but that's irrelevant). If someone knows it's only Cyrillic, they can try only Cyrillic. If they know it's Cyrillic and Symbols, they can try both, but that's more stuff to try. Herp derp.

  • Aldryic Member
    edited May 2012

    @DimeCadmium said: Uhh... who says Cyrillic falls into the 'all ASCII' category?

    Categories are commonly defined as:

    Numerals [0-9]
    Hex [0-9,A-F]
    Case Insensitive Latin [a-zA-Z]
    Case Insensitive Alphanumeric [a-zA-Z0-9]
    Case Sensitive [a-zA-Z]
    Case Sensitive [a-zA-Z0-9]
    All ASCII
    Extended ASCII Printable
    A wordlist I can't quite remember the name of.

    Pretty much anything you can call up in Charmap on Windows (including cyrillic) falls under All ASCII, unless they fit a previously defined pattern. That puts symbols and cyrillic in the same group, with the same rough entropy.

    @DimeCadmium said: If someone knows it's only Cyrillic, they can try only Cyrillic. If they know it's Cyrillic and Symbols, they can try both, but that's more stuff to try. Herp derp.

    You're looking at it from the wrong point of view. As an English speaker, your passwords are most commonly [a-zA-Z0-9] and symbols. If I did not speak English or French, my passwords would likely be cyrillic, 0-9, and symbols. As it happens, I know languages from a plethora of 'charsets', and as such most of my passwords are mixed between latin, cyrillic, chinese, etc.

    My 'cyrillic only' argument was based on the categories above, in which replacing a cyrillic letter with an asterisk would not increase entropy, though it would make it 'more secure' under other definitions.

    Different types of passwords have different strengths, and one should never rely on a single theory ("my password has more bits than yours!") for security.

  • Aldryic Member

    @pcan said: I guess that SolusVM does not allow to enter symbols because it may lead to inability to enter the password using the KVM VNC console.

    My guess would be more along the lines of they don't know how to properly sanitize input, so rather than risk another exploit they just prohibited non-alphanumeric completely.

  • yomero Member

    @Aldryic said: they don't know how to properly sanitize input,

    Sounds dumb. If it is like that, then Solus has a lot of SQL injection, lol.

  • Francisco Top Host, Host Rep, Veteran

    @Aldryic said: I guess that SolusVM does not allow to enter symbols because it may lead to inability to enter the password using the KVM VNC console.

    libvirt doesn't play nicely with funky characters in its XML file. It may be possible to use a <!CDATA> or however it goes to include but it's likely just easier to force alphanumeric. As for OVZ passwords you need to funk around a bit to allow passing of most symbols to vzctl without issues occurring.

    Francisco
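The point in the post above about symbols in a libvirt XML file, as an added example (not code from this thread, SolusVM or libvirt): a password pasted into XML by string concatenation breaks or is silently altered, while escaping it on output lets any character round-trip. It assumes the password ends up in a `passwd` attribute of a `<graphics>` element; the function names and sample passwords are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

# Constructed sample passwords (not from the thread).
SAMPLES = ["pa'ss\"w<or>d&1", "д*ok", "Tom&Jerry", "abc' x='1"]

def naive_graphics_xml(password):
    """String concatenation with no escaping: the fragile approach."""
    return "<graphics type='vnc' port='-1' passwd='" + password + "'/>"

def escaped_graphics_xml(password):
    """quoteattr() chooses the quote style and escapes &, <, > and quotes."""
    return "<graphics type='vnc' port='-1' passwd=%s/>" % quoteattr(password)

def built_graphics_xml(password):
    """Build the element with ElementTree so the serializer does the escaping."""
    elem = ET.Element("graphics", {"type": "vnc", "port": "-1", "passwd": password})
    return ET.tostring(elem, encoding="unicode")

def roundtrip(xml_text):
    """Return the passwd value a parser reads back, or None if the XML is malformed."""
    try:
        return ET.fromstring(xml_text).get("passwd")
    except ET.ParseError:
        return None

def check(password):
    """Compare what each construction method stores for the same password."""
    return {
        "naive": roundtrip(naive_graphics_xml(password)),
        "escaped": roundtrip(escaped_graphics_xml(password)),
        "built": roundtrip(built_graphics_xml(password)),
    }

if __name__ == "__main__":
    for pw in SAMPLES:
        result = check(pw)
        for method, stored in result.items():
            status = "ok" if stored == pw else "MISMATCH (%r)" % (stored,)
            print("%-18r %-8s %s" % (pw, method, status))
```

Cyrillic letters and the asterisk pass through even the naive version; only the XML metacharacters (quotes, `&`, `<`) cause a parse failure or a stored password that differs from what was typed.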

  • Aldryic Member

    Dammit boss, learn to quote the right people <_< pcan said that, not me :P
