SuperHero

Joined: 10 Dec 2003 Location: Superhero Hideout
|
Posted: Fri May 30, 2008 1:57 pm Post subject: choose strong passwords, or don't bother with a password |
|
|
ZDnet - Hardware 2.0 wrote: |
Earlier today I downloaded the latest Live CD for Ophcrack, the Windows password cracker, and tried it out on a Vista install to see how good of a password buster it is.
Conclusion: Either choose strong passwords, or don't bother with a password at all.
Here's the test - I took a virtual PC that uses Windows Vista that I've been sharing with a few friends (Fred, Barney, Betty and Wilma - you might know them) and put this up against the Live CD to see how many passwords I could recover.
The results were quite staggering. In less than 50 seconds three weak passwords had been recovered (shame on you pcdoc, Fred and Betty - I'm not letting you on my systems again). However, two much longer and more complex passwords (one consisting of alphanumeric characters, the other more complex) survived. |
|
|
superdave

Joined: 20 Aug 2006 Location: over there ----->
|
Posted: Sat May 31, 2008 6:54 pm Post subject: |
|
|
this really oughtn't be a surprise.
people choose the daffiest passwords. their middle name, kids' names, nicknames, crap like that.
the best passwords are more than 8 characters and include numbers and letters (alphanumeric).
putting numbers in the middle of the password makes it incredibly difficult to crack. eg:
john1972smith <--- very reasonable password.
clearly, though, you'd use a combination of words/numbers that are less obvious than my example. |
|
ernie
Joined: 05 Aug 2006 Location: asdfghjk
|
Posted: Sun Jun 01, 2008 4:54 pm Post subject: |
|
|
john1972smith is actually a very WEAK password... strong passwords (they should be called 'pass strings' because using words is not a good idea) mix lower and upper case letters, numbers and other characters... here are examples of STRONG passwords:
t6Om*w@e
eY!swV*k
one way to create a relatively strong password (it's not super strong because you're not using special characters or numbers) that is also memorable is to take the first letter from each word of a quote (the more obscure, the better)... for example, "To be or not to be" would become:
TbontbTi |
|
agoodmouse

Joined: 20 Dec 2007 Location: Anyang
|
Posted: Sun Jun 01, 2008 7:09 pm Post subject: |
|
|
I agree. Strong passwords should be used. But to say "choose strong passwords, or don't bother with a password" is to construct a false dilemma. Using a password is better than no password. |
|
mrsquirrel
Joined: 13 Dec 2006
|
Posted: Sun Jun 01, 2008 7:51 pm Post subject: |
|
|
Spell words using symbols, numbers and letters.
Go0dD@y2D13 |
|
ernie
Joined: 05 Aug 2006 Location: asdfghjk
|
Posted: Sun Jun 01, 2008 8:14 pm Post subject: |
|
|
don't do that ^, either... password crackers use these letters (@, $, etc) in their 'dictionaries', so '$@ndwich' is just as obvious as 'sandwich'... |
|
mrsquirrel
Joined: 13 Dec 2006
|
Posted: Sun Jun 01, 2008 9:34 pm Post subject: |
|
|
ernie wrote: |
don't do that ^, either... password crackers use these letters (@, $, etc) in their 'dictionaries', so '$@ndwich' is just as obvious as 'sandwich'... |
A bit simplistic though.
a long phrase or word made up of more than 9 letters would work and numbers at the end or start |
|
Easter Clark

Joined: 18 Nov 2007 Location: Hiding from Yie Eun-woong
|
Posted: Sun Jun 01, 2008 11:50 pm Post subject: |
|
|
But what about 54ndw1ch? |
|
Confused Canadian

Joined: 21 Jan 2003
|
Posted: Mon Jun 02, 2008 1:25 am Post subject: |
|
|
Passwords, like locks, are to keep 'honest' people out. If someone wants to break into your car or house, and they have the knowledge, they'll get in. If someone wants to hack your account, and they have the knowledge, they'll hack it.
That doesn't mean I'm not going to lock my doors, or create passwords for my computer / accounts. |
|
ernie
Joined: 05 Aug 2006 Location: asdfghjk
|
Posted: Mon Jun 02, 2008 4:00 pm Post subject: |
|
|
the first thing crackers do is use dictionaries (which include alternate spellings) to break your password... a strong password is as random as possible, which forces crackers to use 'brute force', i.e. trying all possible permutations, to break your password... ironically, any password with words (long words are in the dictionary, too) is weak because 'brute force' isn't necessary to crack it... |
|
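Added example (not part of any post in this thread): a small strength check for the point made above that cracking dictionaries include alternate spellings. It undoes common substitutions, splits the password into dictionary words and digit runs, and compares that guess space with brute force; the word list, the 200,000-entry dictionary size and the function names are assumptions.

```python
import math
from functools import lru_cache

# Constructed sample word list; a real check would load a full dictionary
# plus names, slang, misspellings and leaked-password lists.
WORDS = frozenset({"sandwich", "john", "smith", "good", "day", "die"})
DICT_SIZE = 200_000   # assumed size of the attacker's word list
CHARSET = 95          # printable ASCII, the brute-force alphabet

# Common substitutions mapped back to the letters they stand for.
LEET = str.maketrans({"@": "a", "$": "s", "5": "s", "4": "a",
                      "1": "i", "0": "o", "3": "e", "7": "t"})

@lru_cache(maxsize=None)
def parse(pw):
    """Split pw into dictionary words and digit runs, or return None."""
    if not pw:
        return ()
    for i in range(len(pw), 0, -1):          # longest prefix first
        head = pw[:i]
        plain = head.translate(LEET)         # undo substitutions
        if plain in WORDS:
            token = plain
        elif head.isdigit():
            token = head
        else:
            continue
        rest = parse(pw[i:])
        if rest is not None:
            return (token,) + rest
    return None

def guess_bits(password):
    """Return (log2 of guesses needed, attack that gets there)."""
    tokens = parse(password.lower())
    if tokens is None:                       # nothing recognisable
        return len(password) * math.log2(CHARSET), "brute force"
    bits = sum(len(t) * math.log2(10) if t.isdigit() else math.log2(DICT_SIZE)
               for t in tokens)
    return bits, "dictionary"

if __name__ == "__main__":
    for pw in ("$@ndwich", "54ndw1ch", "john1972smith", "Go0dD@y2D13", "t6Om*w@e"):
        bits, how = guess_bits(pw)
        print(f"{pw:14} {how:11} ~{bits:4.1f} bits  {parse(pw.lower())}")
```

The bit counts are a rough model: each dictionary word costs one pick from the assumed list regardless of its length or spelling, which is why '$@ndwich' and 'sandwich' score the same.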
blackjack

Joined: 04 Jan 2006 Location: anyang
|
Posted: Mon Jun 02, 2008 5:20 pm Post subject: |
|
|
what about using passwords with spelling mistakes? |
|
ernie
Joined: 05 Aug 2006 Location: asdfghjk
|
Posted: Mon Jun 02, 2008 5:47 pm Post subject: |
|
|
if you can imagine your password being in a collection of 'words', i.e. names, misspelled words, slang, etc, then it is probably a 'weak' password... |
|
OneWayTraffic
Joined: 14 Mar 2005
|
Posted: Mon Jun 02, 2008 8:01 pm Post subject: |
|
|
ernie wrote: |
if you can imagine your password being in a collection of 'words', i.e. names, misspelled words, slang, etc, then it is probably a 'weak' password... |
However a word with a random character interspersed between the letters may be quite strong. |
|
superdave

Joined: 20 Aug 2006 Location: over there ----->
|
Posted: Mon Jun 02, 2008 8:25 pm Post subject: |
|
|
ernie wrote: |
t6Om*w@e
eY!swV*k
|
while these may work well, they have a few problems
1. they're hard to remember
2. it's difficult to know if you've typed them correctly (cause passwords are hashed)
3. many sites or other programs don't allow special characters ... some do, but it's not a uniform policy
john1972smith was an example. varied alphanumeric strings that are easy for you to remember will be enough to thwart a password cracker. using unusual words or names, combined with numbers, known only to you, is effective.
no password is perfect, but the password also needs to be practical so that you can use it.
although john and smith and 1972 are individually weak, the combination is incredibly difficult for a password cracking program to guess.
but, for the sake of science, i'll download that software from the first post and test my theory!  |
|
wormholes101

Joined: 11 Mar 2003
|
|