ravisorg / Mellt

A brute force password checker that returns a meaningful number describing the real world strength of your password

Possible security flaw #9

Closed simonrenoult closed 7 years ago

simonrenoult commented 8 years ago

Hi,

I might be mistaken, but while I was checking the Node.js implementation of the CheckPassword method, I noticed the following code:

exports.CheckPassword = function(password) {
    //make sure it is lower case, this function can be called by itself
    password = password.toLowerCase();
    var common = CheckCommon(password);
    return common === true ? -1 : BruteForce(password);
}

The method lower-cases the password to check it against the dictionary, which makes sense. However, we then brute-force the lower-cased password and not the original one. Shouldn't we do this instead?

exports.CheckPassword = function(password) {
    //make sure it is lower case, this function can be called by itself
    var common = CheckCommon(password.toLowerCase());
    return common === true ? -1 : BruteForce(password);
}

Same goes for the BruteForce method. Why is Mellt testing a lower-cased version of the password?

SeanJA commented 7 years ago

This is the same issue as #10