Korean Job Discussion Forums "The Internet's Meeting Place for ESL/EFL Teachers from Around the World!"
ernie
Joined: 05 Aug 2006 Location: asdfghjk
 |
superdave

Joined: 20 Aug 2006 Location: over there ----->
Posted: Mon Jun 02, 2008 10:19 pm
i'll concede my password theory was poor. ophcrack ripped through my test password in about 5 seconds.
i also cracked "54ndw1ch" ... fairly quickly.
the decryption worked very fast for alphanumeric passwords. i'm still trying to find an effective way to hash non-alphanumeric characters so that i can test them.
 |
orosee

Joined: 07 Mar 2008 Location: Hannam-dong, Seoul
Posted: Mon Jun 02, 2008 10:20 pm
superdave wrote:
> ernie wrote:
>> t6Om*w@e
>> eY!swV*k
>
> while these may work well, they have a few problems
> 1 they're hard to remember
> 2 it's difficult to know if you've typed them correctly (cause passwords are hashed)
> 3 many sites or other programs don't allow special characters ... some do, but it's not a uniform policy
> john1972smith was an example. varied alphanumeric strings that are easy for you to remember will be enough to thwart a password cracker. using unusual words or names, combined with numbers, known only to you, are effective.
> no password is perfect, but the password also needs to be practical so that you can use it.
> although john and smith and 1972 are individually weak, the combination is incredibly difficult for a password cracking program to guess.
> but, for the sake of science, i'll download that software from the first post and test my theory!

Those are very good points which make strong passwords unlikely to be commonly used. Most likely (1) will result in the PW being written down on a piece of paper (probably left in the desk drawer or even attached to the monitor on a yellow sticky note). This still works against online attacks but not against friends, family or colleagues (or visitors in general).
HSBC internet banking only allows PW up to 8 characters. But the user name can be much longer (go figure).
Korean internet banking security is mostly made to keep the legitimate user out, too.
I wish there would be some commonly accepted biometric method such as fingerprint ID.
I once used a passphrase for PGP which consisted of the first line of the ring poem (Lord of the Rings), in German, followed by my birth date in 6 digits.
Another problem is that when you have one good password, you may want to use it everywhere. So once it has been cracked, basically all doors are open. I use different strength PW for different purposes, e.g. for Dave's and other forums I use the weakest ones, for money related sites like PayPal, the strongest ones (since they are rarely used and also not saved by IE).
 |
superdave

Joined: 20 Aug 2006 Location: over there ----->
Posted: Mon Jun 02, 2008 10:24 pm
true ... but by capitalising it, like this: John1972Smith, it got a rating of good.
however, ophcrack ripped that password just as quickly ... so the capitals made no difference.
microsoft's page doesn't rate the strength of the words, only the alpha-numeric-character-capital combination
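
Added example, not part of any post in this thread: one likely reason the capitals made no difference, assuming the hashes ophcrack was given were Windows LM hashes (the thread does not say which hash type was tested). LM upper-cases the password and hashes two 7-character halves independently; the function names below are illustrative.

```python
import string

LM_MAX = 14  # LM covers passwords of at most 14 characters
HALF = 7     # each 7-character half is hashed on its own

def lm_halves(password):
    """Return the two strings LM effectively hashes, or None if too long for LM."""
    if len(password) > LM_MAX:
        return None              # no usable LM hash exists for longer passwords
    upper = password.upper()     # case is discarded before hashing
    return upper[:HALF], upper[HALF:]

def pool_size(text):
    """Size of the character pool implied by the classes present in text."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in text))

def naive_space(password):
    """What a strength meter assumes: one search over the whole password."""
    return pool_size(password) ** len(password)

def lm_space(password):
    """Search space under LM: the halves are attacked separately, so costs add."""
    halves = lm_halves(password)
    if halves is None:
        return None
    return sum(pool_size(h) ** len(h) for h in halves if h)

if __name__ == "__main__":
    # Passwords quoted in the thread, plus one constructed 20-character passphrase.
    samples = ["john1972smith", "John1972Smith", "54ndw1ch", "t6Om*w@e",
               "constructed-example!"]
    for pw in samples:
        print(f"{pw!r}: halves={lm_halves(pw)} "
              f"meter={naive_space(pw):.2e} lm={lm_space(pw)}")
```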
 |
ernie
Joined: 05 Aug 2006 Location: asdfghjk
Posted: Mon Jun 02, 2008 10:30 pm
i don't think there's anything wrong with writing down your password(s), just make sure to keep them in a safe place, like your wallet (mine never leaves my pocket or my sight)