note ysth <p>Brute force attacks against a single password, granted. </p> <p>But without complexity rules, a letter-only brute force attack or rainbow table attack against a list of hashed passwords will too easily pick off the lazy users. I'd assume the complexity rules are really designed to protect against this case. </p> <!-- Node text goes above. Div tags should contain sig only --> <div class="pmsig"><div class="pmsig-299049"> <small>-- <br /> A math joke: r = | |csc(&theta;)|+|sec(&theta;)|-||csc(&theta;)|-|sec(&theta;)|| |<br /> [http://ysth.info/fortune/|Online Fortune Cookie Search]<br /> [http://ysth.info/initech/|Office Space merchandise] </small> </div></div> 873020 873256