How secure is your password?
#1
I found this article: http://www.wired.com/news/columns/0,72458-0.html via http://www.linuxsecurity.com

The author does an excellent job of explaining how password cracking programs work, and how fast they can crack certain difficulty passwords. He also gives tips on how to improve one's passwords to help improve the security of your information. Enjoy!

Yrrek

P.S. - Don't forget to update your passwords! =D
WWBBD?
#2
Something to remember, the writer assumes that the cracker has access to either a physical media or a fast LAN with one or more files using the password.

He'd see his progress slowed down dramatically due to response times, if he tried the same thing against an online target.
Hugs are good, but smashing is better! - Clarence
#3
Quote: So if you want your password to be hard to guess, you should choose something not on any of the root or appendage lists. You should mix upper and lowercase in the middle of your root. You should add numbers and symbols in the middle of your root, not as common substitutions. Or drop your appendage in the middle of your root. Or use two roots with an appendage in the middle.

Even something lower down on PRTK's dictionary list -- the seven-character phonetic pattern dictionary -- together with an uncommon appendage, is not going to be guessed. Neither is a password made up of the first letters of a sentence, especially if you throw numbers and symbols in the mix.

The above paragraphs are lifted from the middle of the linked article as the advice for choosing "hard to guess" passwords (which seems to indicate that the attack software described by the author would have to go to its sixth and seventh set of generating tools to get). Also, the first paragraph I quoted is something similar to the guidelines implemented by the IT folks at my company...

Passwords must meet three of the following four criteria:
1) contains 3 or more lower case letters
2) contains 3 or more upper case letters
3) contains 1 or more special characters (@, #, $, %, &, !, ,, ., and ? are acceptable, \, /, and * are not)
4) contains 1 or more numbers
Passwords must be reset every 2 months, and cannot be the same as any of your last 3 passwords.

The things I always try to avoid are things that everyone knows about me like my wife's name, my son's name, etc. These sorts of things are very easy to remember, and very easy to guess. They also seem like things that would be common in the passwords of grandparents and non-savvy folks who would be likely to have a document somewhere in their email of all their bank accounts, etc. Not that I know anyone like that...

/forwards article on to his own parents/
but often it happens you know / that the things you don't trust are the ones you need most....
Opening lines of "Psalm" by Hey Rosetta!
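
The three-of-four rule and the last-3-passwords history check from the post above, written out as an added example that is not part of the thread or of any poster's company tooling. Rejecting \, / and * outright, keeping history as salted PBKDF2 digests, the iteration count and all function names are assumptions; the sample passwords are constructed.

```python
import hashlib
import hmac
import os
import string

ALLOWED_SPECIALS = set("@#$%&!,.?")   # listed as acceptable in the post
REJECTED_CHARS = set("\\/*")          # listed as not acceptable in the post
ROUNDS = 100_000                      # assumption: not stated in the post

def criteria_met(password):
    """Return which of the four numbered criteria the password satisfies."""
    count = lambda alphabet: sum(c in alphabet for c in password)
    checks = {1: count(string.ascii_lowercase) >= 3,
              2: count(string.ascii_uppercase) >= 3,
              3: count(ALLOWED_SPECIALS) >= 1,
              4: count(string.digits) >= 1}
    return {n for n, ok in checks.items() if ok}

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)

def remember(password):
    """History entry (salt, digest): old passwords are never stored in clear."""
    salt = os.urandom(16)
    return salt, _digest(password, salt)

def in_history(password, history, depth=3):
    """True if password equals one of the last `depth` remembered passwords."""
    return any(hmac.compare_digest(_digest(password, s), d) for s, d in history[-depth:])

def check_password(password, history=()):
    """Return (accepted, reasons) under the three-of-four rule plus history."""
    reasons = []
    if any(c in REJECTED_CHARS for c in password):
        reasons.append("contains \\, / or *")  # assumption: rejected outright
    met = criteria_met(password)
    if len(met) < 3:
        reasons.append(f"meets only {len(met)} of 4 criteria: {sorted(met)}")
    if in_history(password, list(history)):
        reasons.append("matches one of the last 3 passwords")
    return (not reasons, reasons)

if __name__ == "__main__":
    # Constructed sample values, oldest first; only the last three block reuse.
    past = [remember(p) for p in ("oldONE#aaa", "Tr@ilMIXes", "summERS,42", "Qu1ckFOXes")]
    for pw in ("password1", "ABCdef/1", "Tr@ilMIXes", "oldONE#aaa"):
        print(pw, check_password(pw, past))
```

The rule only counts character classes, so it accepts any string that clears three of them regardless of whether it is built from a common root and appendage as the quoted article describes.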