PSA: check your password strength
Posted by: decay
Date: March 26, 2013 09:51AM
|
Re: PSA: check your password strength
Posted by: August West
Date: March 26, 2013 09:57AM
|
Re: PSA: check your password strength
Posted by: TLB
Date: March 26, 2013 10:21AM
|
Re: PSA: check your password strength
Posted by: MEG
Date: March 26, 2013 10:26AM
|
Re: PSA: check your password strength
Posted by: mikebw
Date: March 26, 2013 10:29AM
|
Quote
TLB
I've seen some experts argue length is much more important than complexity, but this shows a 64 character lower case password as very weak and a "complex" 8 character password as very strong. The complex will aid against guessing, but length should win in a brute force attack, no?
Re: PSA: check your password strength
Posted by: Markintosh
Date: March 26, 2013 10:36AM
|
Re: PSA: check your password strength
Posted by: M A V I C
Date: March 26, 2013 11:08AM
|
Re: PSA: check your password strength
Posted by: MEG
Date: March 26, 2013 11:10AM
|
Quote
mikebw
EDIT: The problem with that XKCD example is that it assumes the attack is only brute force, and will not try combinations of dictionary words. A computer would not think to do that, but a person behind the attack might.
Re: PSA: check your password strength
Posted by: rz
Date: March 26, 2013 12:34PM
|
Re: PSA: check your password strength
Posted by: rz
Date: March 26, 2013 12:38PM
|
Quote
MEG
Quote
mikebw
EDIT: The problem with that XKCD example is that it assumes the attack is only brute force, and will not try combinations of dictionary words. A computer would not think to do that, but a person behind the attack might.
True but according to Webster there are roughly 1 million English words - realistically you can assume 50,000 for the average English speaker. Each word "blob" would have 50,000 possibilities (vs 10 for digits only, 95 for all ASCII printable characters, etc.). Just 4 "characters" of 50,000 possibilities each is no easy task.
Re: PSA: check your password strength
Posted by: freeradical
Date: March 26, 2013 01:22PM
|
Re: PSA: check your password strength
Posted by: cbelt3
Date: March 26, 2013 01:54PM
|
Re: PSA: check your password strength
Posted by: deckeda
Date: March 26, 2013 02:13PM
|
Re: PSA: check your password strength
Posted by: guitarist
Date: March 26, 2013 02:14PM
|
Re: PSA: check your password strength
Posted by: space-time
Date: March 26, 2013 02:22PM
|
Re: PSA: check your password strength
Posted by: space-time
Date: March 26, 2013 02:26PM
|
Re: PSA: check your password strength
Posted by: mikebw
Date: March 26, 2013 03:28PM
|
Re: PSA: check your password strength
Posted by: space-time
Date: March 26, 2013 05:03PM
|
Re: PSA: check your password strength
Posted by: MEG
Date: March 26, 2013 06:17PM
|
Quote
rz
I'd suggest you visit this page to read up on what a "rainbow table" is. [en.wikipedia.org]
Then google about password cracking. Four character passwords are trivial to crack.
Re: PSA: check your password strength
Posted by: wowzer
Date: March 26, 2013 07:49PM
|
Quote
MEG
Quote
rz
I'd suggest you visit this page to read up on what a "rainbow table" is. [en.wikipedia.org]
Then google about password cracking. Four character passwords are trivial to crack.
Not 4 characters - 4 random words. I think a 25ish-character string password comprised of 4 random words is no trivial task even using combinations of dictionary words because the number of possible words is several orders of magnitude greater than the number of characters.
What am I missing? Seriously. Rainbow tables and other precomputation attacks do not work against passwords that contain symbols outside the range presupposed, or that are longer than those precomputed by the attacker. Is 25 characters not long enough?
My point was that a long, easy to remember for a human password is more secure than the 8-character using upper, lower, number & symbol passwords.
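The comparison argued over in the posts above, as an added example that is not part of the thread: it estimates a password's guess space under a character brute-force model and under a dictionary word-combination model, then takes the weaker of the two. The 50,000-word vocabulary and the 95-character pool are the figures quoted in the thread; the word list and sample passwords are constructed, and both models assume every character or word was chosen at random.

```python
import math
import string

VOCAB_SIZE = 50_000  # assumed attacker word list size (figure quoted in the thread)
WORDS = {"copper", "window", "lantern", "river", "password"}  # constructed stand-in list
SYMBOLS = string.punctuation + " "  # 33 characters, so all four pools total 95

def charset_size(pw):
    """Size of the smallest standard pool (lower/upper/digit/symbol) covering pw."""
    if any(c not in string.printable[:94] + " " for c in pw):
        raise ValueError("model covers printable ASCII only")
    pools = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
             (string.digits, 10), (SYMBOLS, 33)]
    return sum(n for chars, n in pools if any(c in chars for c in pw))

def word_count(pw, words=WORDS):
    """Fewest list words that concatenate exactly to pw, or None if none do."""
    best = [0] + [None] * len(pw)
    for end in range(1, len(pw) + 1):
        for start in range(end):
            if best[start] is not None and pw[start:end] in words:
                cand = best[start] + 1
                if best[end] is None or cand < best[end]:
                    best[end] = cand
    return best[len(pw)]

def estimate_bits(pw):
    """log2 of the guess space under each model, plus the weaker (effective) one."""
    size = charset_size(pw)
    brute = len(pw) * math.log2(size) if size else 0.0
    n = word_count(pw.lower())
    # The word model applies only when the whole password is list words.
    combo = n * math.log2(VOCAB_SIZE) if n else None
    effective = brute if combo is None else min(brute, combo)
    return {"brute_force": brute, "word_combo": combo, "effective": effective}

if __name__ == "__main__":
    # Constructed samples: four list words, a "complex" 8-character string,
    # and a single common word.
    for sample in ("copperwindowlanternriver", "Tr7#kq9!", "password"):
        r = estimate_bits(sample)
        print(f"{sample!r}: brute={r['brute_force']:.1f} bits, "
              f"words={r['word_combo']}, effective={r['effective']:.1f} bits")
```

The estimates are upper bounds: a password picked by a person rather than at random, or one covered by cracking rules this sketch does not model, has a smaller guess space than the number shown.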
Re: PSA: check your password strength
Posted by: wowzer
Date: March 26, 2013 07:50PM
|
Re: PSA: check your password strength
Posted by: deckeda
Date: March 26, 2013 07:55PM
|
Re: PSA: check your password strength
Posted by: mikebw
Date: March 26, 2013 08:30PM
|
Quote
MEG
My point was that a long, easy to remember for a human password is more secure than the 8-character using upper, lower, number & symbol passwords.
Quote
deckeda
For places that allow it, I'd focus on length, with some reasonable obfuscation tossed in such as every nth character being wrong --- something the XKCD example lacks in its 4-word example but doing so adds an exponential amount of entropy because common or logical lookup patterns won't exist for it and brute force will be slowed way, way waaaaaay down ... think thousands (or a lot more, actually) years to crack, not "a few hundred" or less.
Re: PSA: check your password strength
Posted by: Sam3
Date: March 26, 2013 10:44PM
|
Re: PSA: check your password strength
Posted by: Dennis S
Date: March 26, 2013 11:01PM
|
Re: PSA: check your password strength
Posted by: mikebw
Date: March 27, 2013 07:30AM
|
Quote
Dennis S
Wouldn't some place be better off having 2 passwords? My bank does, but I don't know if it truly has to have #1 guessed before someone would have to start work on #2. Then sometimes it also asks for your high school mascot sort of thing.
Re: PSA: check your password strength
Posted by: deckeda
Date: March 27, 2013 07:31AM
|