I'd be surprised if this didn't greatly help you against dictionary attacks. I'm pretty sure 90% of cracking dictionaries don't even touch that range of UTF-8. Once you get out of dictionary range brute forcing a password is much, much harder...
...although now I'm wondering how long it would take as a map reduce job...
It would also be trivial to write a program to update the dictionaries to include the flipped / reversed / other silly unicode trick version of everything already in the dictionary.
I wouldn't assume that this would help against dictionary attacks for long, if at all now considering that people have been doing stuff like this pretty much since unicode got "mainstream" status.
"encrypt your download links to prevent leechers" -- "encrypting" links with this would be a pain in the ass when you can't perform the reverse process.
Increasing the alphabet for passwords doesn't really make your password stronger than if you would just increase it's length by a character or two, or better yet three or four. But, given that I can't imagine too many password crackers checking for more than a couple common extended characters, it's probably not that bad. Still doesn't excuse passwords like pɹoʍssɐd though.
Every password manager I've used (granted only a few) will generate random ones for you. Is this significantly more secure than a random 18 character string?
These characters aren't easily type-able and most password crackers that I've seen use common ascii/ansi characters not obscure characters like this... It's all relative I guess. There obviously exists a case where these characters aren't helpful.
Can you realistically crack an 18 character random string, even if you know the character set? I mean, I realize that technically increasing the character set would make it harder, but for any web-based service cracking something with 62^18 (or more if other characters are used) possible combinations is impossible in the real world.
That’s very cool indeed. However it doesn’t work well with my survival utf-8 characters:
The flip of à é è ç ô “ ” ‘ ’ € £ is £ € ’ ‘ ” “ ô ç è é à
Great idea nonetheless.
It seems to basically be a proxy to google sites, rewriting URLs. It could be a guy just implementing it as a joke, but he could also be grabbing passwords. It's PHP, which Google doesn't use at all. DO NOT LOGIN HERE!
34 comments
[ 2.0 ms ] story [ 85.2 ms ] threadSnore.
I'm not sure it's that strong.
Good point. It's all one and zeros to computers.
...although now I'm wondering how long it would take as a map reduce job...
I wouldn't assume that this would help against dictionary attacks for long, if at all now considering that people have been doing stuff like this pretty much since unicode got "mainstream" status.
"encrypt your download links to prevent leechers" -- "encrypting" links with this would be a pain in the ass when you can't perform the reverse process.
Because it's awesome. It may be subjective but it's the weekend and it's a cool site.
It's useful for passwords if you use a password manager or equivalent technology.
These characters aren't easily type-able and most password crackers that I've seen use common ascii/ansi characters not obscure characters like this... It's all relative I guess. There obviously exists a case where these characters aren't helpful.
What? Why?
[EDIT] http://ooɥɐʎ.com appears to be available if there are any interested parties.
[EDIT] Works just like Google so hell maybe it is sponsored by Google. Works too quickly to be grabbing pages from Google's servers on the back-end.
A whois lookup reveals it belonging to Jose, who I don't think works at Google: http://whois.net/whois_new.cgi?d=xn--loo-w3ac94c&tld=com
Try 'a b c d e f g h i j k l m n o p q r s t u v w x y z'
Also, textarea's on all of my web pages are screwed up (in Firefox).