by hwbehrens 2376 days ago
I would say in general, no. For a long time, American Express had something along the lines of `^[A-z0-9]{6,8}$`. Given a candidate string, evaluating even this extremely basic regex will take more time than comparing it against a hash table. I suppose you could flip it around and use it as a generator for an arbitrary dictionary, but then you'll run into memory limitations first.

Plus, there's always the fact that an adversary can just, you know, go find the password requirements on the website and generate a matching regex themselves.

Of course, if the regex is something like `^password$`...

1 comments

If you have the regex, you'd use it to generate candidate strings. Then, of course, you don't have to check any more.

For a more complex regex, you could resort to a simplified version (e.g., with a larger search space). But the space of all random strings is way too huge to just generate random bitstrings and hope they match the regex.
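Both comments above make the same point: a password-policy regex is useful to an attacker as a generator, not as a filter. The script below is an added example (not code from either commenter) that makes it concrete for the restricted policy shape `^[class]{m,n}$` quoted in the thread: it expands the character class, counts the keyspace, estimates how big a materialised wordlist would be, lazily enumerates candidates, and computes how often a uniformly random byte string would happen to satisfy the class. The regex parser, the `POLICY` constant and the helper names are my own assumptions for the example; the one thing worth noticing is that `[A-z]` is a codepoint range, so it also admits the six punctuation characters between `Z` and `a`, which the generator reproduces faithfully.

```python
import itertools
import re

# Constructed example policy, in the shape quoted in the thread (assumption: the
# real policy is not known; this is just the pattern as written in the comment).
POLICY = r"^[A-z0-9]{6,8}$"

# Only the restricted shape ^[class]{m,n}$ is supported by this toy parser.
_SPEC = re.compile(r"^\^\[([^\]]+)\]\{(\d+),(\d+)\}\$$")


def parse_policy(pattern):
    """Return (alphabet, min_len, max_len) for a regex of the form ^[class]{m,n}$."""
    m = _SPEC.match(pattern)
    if not m:
        raise ValueError("unsupported policy shape: " + pattern)
    body, lo, hi = m.group(1), int(m.group(2)), int(m.group(3))
    chars = []
    i = 0
    while i < len(body):
        if i + 2 < len(body) and body[i + 1] == "-":
            # A range like A-z is a span of codepoints, so A-z also includes [ \ ] ^ _ `
            chars.extend(chr(c) for c in range(ord(body[i]), ord(body[i + 2]) + 1))
            i += 3
        else:
            chars.append(body[i])
            i += 1
    alphabet = "".join(dict.fromkeys(chars))  # dedupe, keep first-seen order
    return alphabet, lo, hi


def keyspace_size(alphabet, lo, hi):
    """Number of distinct strings the policy accepts."""
    return sum(len(alphabet) ** k for k in range(lo, hi + 1))


def wordlist_bytes(alphabet, lo, hi):
    """Size of a newline-separated wordlist holding every candidate (the memory objection)."""
    return sum(len(alphabet) ** k * (k + 1) for k in range(lo, hi + 1))


def candidates(alphabet, lo, hi):
    """Lazily yield every accepted string, shortest first, without storing the list."""
    for k in range(lo, hi + 1):
        for tup in itertools.product(alphabet, repeat=k):
            yield "".join(tup)


def random_hit_rate(alphabet, k):
    """Probability that a uniformly random k-byte string lands inside the class."""
    return (len(alphabet) / 256) ** k


def enumerate_and_check(pattern, limit=10_000_000):
    """Enumerate a small policy fully and confirm every candidate matches the regex.

    Returns (count, all_matched). Refuses policies larger than `limit` strings.
    """
    alphabet, lo, hi = parse_policy(pattern)
    if keyspace_size(alphabet, lo, hi) > limit:
        raise ValueError("keyspace too large to enumerate in a demo")
    rx = re.compile(pattern)
    count, ok = 0, True
    for cand in candidates(alphabet, lo, hi):
        count += 1
        ok = ok and rx.fullmatch(cand) is not None
    return count, ok


if __name__ == "__main__":
    alphabet, lo, hi = parse_policy(POLICY)
    print("alphabet size:", len(alphabet))
    print("keyspace:", keyspace_size(alphabet, lo, hi))
    print("wordlist size (TiB):", wordlist_bytes(alphabet, lo, hi) / 2**40)
    print("P(random 6 bytes match class):", random_hit_rate(alphabet, 6))
    print("small policy check:", enumerate_and_check(r"^[a-c]{1,2}$"))
```

Run it and the numbers say the same thing the thread does: the keyspace for the quoted policy is a few times 10^14 strings, the materialised list is in the petabyte range, so an attacker streams `candidates()` into a cracker rather than writing a dictionary to disk, while filtering random bytes through the class succeeds only about 0.03% of the time at six bytes and far less at eight.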