[clug] [OT] all text passwords == secure?

Scott Ferguson scott.ferguson.clug at gmail.com
Sat Aug 25 20:19:04 MDT 2012


On 26/08/12 11:46, James Ring wrote:
> Obligatory xkcd link: http://xkcd.com/936/

Um, you realise that's a joke right? ;-p   [*1]

My work involves a large amount of cleaning up hacked websites and email
servers. It's unpleasant work, and as the client has often suffered
major financial losses, it's often pro bono (or below cost).
So password recovery is something I do fairly regularly - and the first
thing I do when I have no limit on attempts (most CMSs) is a brute
force, all alpha (upper and lower case) up to 12 characters. Somewhere
around 20% yield results. Fast. (almost all the rest yield to a
dictionary root + 2 numbers attack).


Maybe comic strips aren't the best source of security information, with
the exception of redmeat.com of course ;-)
I'll stick to Bruce Schneier - he's the Chuck Norris of IT Security (he
has all the Debian GPG keys memorised) :-)


[*1] don't take my word for it, but the maths in the comic strip are out
by a large factor in the real world.
Hint: the real math for the strip example is 52 x number of *alpha*
characters in the password
> 
> On Sat, Aug 25, 2012 at 6:42 PM, Scott Ferguson
> <scott.ferguson.clug at gmail.com> wrote:
>> In a hyperbolic article about computer security in The Canberra Times:-
<snipped>

Kind regards

