[clug] [OT] all text passwords == secure?

steve jenkin sjenkin at canb.auug.org.au
Mon Aug 27 07:31:40 MDT 2012

Sam Couter wrote on 27/08/12 9:41 PM:

>> But concatenating full words is NOT one of the ways...
> That's an overgeneralisation to the point that it's incorrect.

In the context of the trivial example promoted by the article, for the
audience it was intended for, I'll contend I'm right. It's a really bad
example for people who don't understand nuance...

The ArsTechnica article points out the crackers already model these
schemes and have dictionaries with good coverage, derived from the
millions of real-world passwords that've been stolen. I was surprised
that 5/6 characters are 'brute-force' crackable on low-cost equipment
and 8/9 with large-scale ('cloud'). The 6/7 range is the 'sweet spot'
for Rainbow codes...

I like your example of 'diceware'.
Seems useful, so thanks very much for the info.
Even 5 words from a published 7500 word list would take a year or two to
crack with modern machinery... Certainly sets you apart from the
low-hanging fruit. Only Advanced Persistent Threats will go there.

As an aside, I still treasure an email from years ago when I asked
someone not to send word-doc attachments when not necessary, as I then
used a simple command-line mail reader as a protection against viruses
and other nasties.

This self-declared expert pilloried me saying he used Windows, kept his
Virus scanners up-to-date and something else to handle spam, IIRC, and I
was an ignorant fool. What he did was all that was needed to be
perfectly safe...

Every time there's been a wide-scale zero-day compromise, I think of
him... The irony is that most people whose home computers are pwned by a
botnet don't even know. So I suspect he's still sitting there Fat, Dumb
and Happy, with a thoroughly compromised system.

I plod on with a conservative arrangement and just keep hoping 'things
are fine'. Ya just never know :-(
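The passphrase-strength reasoning above (five words from a 7500-word list versus concatenating a couple of ordinary words), worked through as an added example that is not part of the original post. The guess rate of 1e9/s, the 10,000-word vocabulary and the 95-character printable alphabet are assumptions, not figures from the thread.

```python
import math
import secrets

# Constructed stand-in for a diceware list; only its length matters for the maths.
# A real diceware list has 7776 words (6^5); the post's figure is a 7500-word list.
SAMPLE_WORDS = ["apple", "bolt", "canyon", "delta", "ember", "fjord", "glide", "harbor"]

ASSUMED_GUESSES_PER_SECOND = 1e9  # assumption, not a figure from the post
SECONDS_PER_YEAR = 365.25 * 86400


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of `length` symbols each drawn uniformly and independently
    from `alphabet_size` choices (words for diceware, characters for a password)."""
    return length * math.log2(alphabet_size)


def expected_crack_years(bits: float, guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Expected years for an exhaustive search: on average half the keyspace is tried."""
    return (2.0 ** bits) / 2.0 / guesses_per_second / SECONDS_PER_YEAR


def generate_passphrase(words, num_words: int) -> str:
    """Diceware-style phrase. secrets.choice draws from the OS CSPRNG;
    random.choice would make the phrase reproducible from its seed."""
    return " ".join(secrets.choice(words) for _ in range(num_words))


def strength_table() -> dict:
    """Compare the schemes discussed in the thread (list sizes other than 7500 are assumptions)."""
    schemes = {
        "2 common words, 10k-word vocabulary": (10_000, 2),
        "8 random printable ASCII characters": (95, 8),
        "5 diceware words, 7500-word list": (7_500, 5),
    }
    return {name: (round(entropy_bits(n, k), 1), expected_crack_years(entropy_bits(n, k)))
            for name, (n, k) in schemes.items()}


if __name__ == "__main__":
    for name, (bits, years) in strength_table().items():
        print(f"{name:40s} {bits:6.1f} bits  ~{years:.3g} years at 1e9 guesses/s")
    print("example phrase:", generate_passphrase(SAMPLE_WORDS, 5))
```

The table shows why the word count and the list size both matter: two dictionary words land well below the 8-character random password, while five diceware words sit comfortably above it even at the assumed rate.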

