Hi,
An expansion of what has already been posted is available here -
http://geodsoft.com/howto/password/common.htm
Good Luck,
Emmett
Sm0kinP0t: Check out that last link that Dr_Evil posted concerning your Alt+ characters.
This is something that happened to me.
A priest asked me to go and fix his computer, which is running Win XP Pro and is used by him and two other people, but only he had admin privileges. So I told him to type his password, because the user name was the name of the church, and he told me, "That's all right, I'm going to say it to you, but the first and last letters are in caps." The password was SlutysluT69, and I just turned around and saw him, and he told me, "I think that no one would guess that could be my password, or what do you think?"
And he told me he had that same password on other services. I recommended that he change his password to be longer, with numbers mixed in between the letters, using more lower and upper case, and not to use the same password for different services.
But SlutysluT69 was a funny password, LOL.
OK, so obviously my posting a new tutorial thread on choosing strong passwords wouldn't be kosher, since mark has been there already. But I could still use some help, and I think the work I've done at least builds upon his (although I didn't read his until I was done and ready to post mine).
I am writing a series of papers (articles for an omnibus, at some point) geared towards presenting basic security practices to the lay-person.
I've posted the first one and would appreciate comments. I've had it reviewed by a few other people, but the more input the better. Thanks for any and all constructive criticism.
PDF and plain text versions available.
"An average 2.4ghz processor can try 300,000 passwords a second under normal circumstance."
Since the thread came back from the past, I might as well ask... is the statement above true? It seems a bit excessive.
Which cracker? What kind of algorithm/hash? What's the programming language?
That is probably about right, but it doesn't give all the assumptions: amount and speed of RAM, FSB, HDD and so on. I guess they mean a "typical, balanced, 2.4 GHz processor machine", and I also believe that the machine is only checking passwords up to 8 characters and is running as a dedicated machine (single task).

Quote:
"An average 2.4ghz processor can try 300,000 passwords a second under normal circumstance."

I think that the assumption is that the application is of commercial/professional standard.

Quote:
which cracker ... what kind of algorithm/hash... what's the programming language

I do not think that the algorithm/hash makes that much time difference, so long as the application is using the right one. From what I have seen, MD5 seems to be the standard by which these metrics are calculated?
The programming language is definitely irrelevant, as you are running a binary executable?
Important points to consider:
1. If you don't use dictionary words, then a dictionary cracker won't work.
2. If you want to use "pass phrases" include a bit of "foreign", slang (colloquialisms), and some spelling mistakes ;) [Please see example below]
3. Most readily obtainable brute force crackers stop at 8 characters, so make your password longer.
4. The best privately available Rainbow Tables I have seen are 64 GB in size and will crack a 14 character password. So make your password 18 or better.
That leaves you to the Feds and the Spooks, who I am sure have Rainbow Tables up to 32 character passwords if not better.
Here is one to practice on: just create it as a password hash and try to crack it:
"HolacoNNai$ez2bo£lockBran€<?>"
"Hello, do you know bollock brain?" ... so it is very easy to remember, and even contains a 1337 French grammatical error :D ... "connaisez" is plural, "tu" (2) is singular...
Cheers
Another scenario,
I found out that many people use their signature initials as a password, or they even use their display name as a so-called unpredictable password.
People may be attracted to using their favourite band's name or even a TV show. A very touching example: in one of the music forums, I used to post with one of Slipknot's fans. Later on, I discovered that his email account password was "Slipknot". I emailed him and advised him to change the password and use a more sophisticated one, password-wise.
My strong recommendation is to use a mixed approach to compose a password; that is to say, using the following structure for a password won't be easy to guess: {#o6pe6th6}. Don't even try to use it to log on to my account... :D
Beware of shoulder-surfers, and never let anyone observe your fingers' hits on the keyboard...
Cheers,
Thanks guys, good info.
As for the 2.4 GHz... I'd read that in a place or two, and I believe it's in mark's original tutorial as well. Possibly the same source? As for shoulder surfing etc., I am working on several others, one of which deals specifically with PROTECTING your password (and other data); this is the reason I haven't gone into those topics in this paper.
Thanks again for the feedback.
LOL, beware of those with photographic memory...
On my campus, I always see a lot of students typing in their password using only the number pad on the keyboard, meaning that their password consists of only numbers. It is very insecure to use only numbers, since it can be cracked too quickly.
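The arithmetic behind the 8/14/18 character points earlier in the thread and the numbers-only passwords in the post above, as an added example that is not code from the thread or from any poster. It assumes the thread's figure of 300,000 guesses per second as the default rate and treats non-ASCII characters (such as the £ and € in the practice password) as one extra 128-symbol class; both are assumptions, and a real cracker's rate depends on the hash algorithm, the tool and the hardware. The sample passwords are the ones quoted in the thread plus a constructed 4-digit PIN; the MD5 brute force at the end shows how few guesses a digits-only password survives.

```python
"""Keyspace / time-to-exhaust estimates and a digits-only MD5 brute force.

Added example, not from the thread. DEFAULT_RATE is the thread's quoted
figure and NON_ASCII_CLASS_SIZE is an assumption; real rates depend on the
hash algorithm and hardware.
"""
import hashlib
import itertools
import string

# Each character class a brute-forcer must cover, and the size it adds to
# the guessing alphabet. Non-ASCII characters add an assumed 128-symbol class.
_CLASSES = (
    (set(string.ascii_lowercase), 26),
    (set(string.ascii_uppercase), 26),
    (set(string.digits), 10),
    (set(string.punctuation), 32),
)
NON_ASCII_CLASS_SIZE = 128  # assumption, not a figure from the thread

DEFAULT_RATE = 300_000  # guesses per second, as quoted in the thread


def alphabet_size(password: str) -> int:
    """Size of the smallest standard alphabet that contains every character."""
    size = 0
    for members, weight in _CLASSES:
        if any(c in members for c in password):
            size += weight
    if any(ord(c) > 127 for c in password):
        size += NON_ASCII_CLASS_SIZE
    return size


def keyspace(password: str) -> int:
    """Number of candidates of this length drawn from this alphabet."""
    return alphabet_size(password) ** len(password)


def seconds_to_exhaust(password: str, rate: int = DEFAULT_RATE) -> float:
    """Worst-case seconds to try every candidate of the same length/alphabet."""
    return keyspace(password) / rate


def md5_hex(text: str) -> str:
    """MD5 of the UTF-8 encoding, hex encoded (unsalted, as the thread assumes)."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def crack_numeric_md5(target_hex: str, max_len: int = 8):
    """Brute-force a digits-only password from its MD5.

    Tries lengths 1..max_len in lexicographic order and returns
    (password, guesses_made), or (None, guesses_made) if nothing matched.
    """
    guesses = 0
    for length in range(1, max_len + 1):
        for cand in itertools.product(string.digits, repeat=length):
            guesses += 1
            pw = "".join(cand)
            if md5_hex(pw) == target_hex:
                return pw, guesses
    return None, guesses


if __name__ == "__main__":
    # Passwords quoted in the thread, plus a constructed 8-digit one.
    for pw in ("12345678", "Slipknot", "SlutysluT69",
               "HolacoNNai$ez2bo£lockBran€<?>"):
        days = seconds_to_exhaust(pw) / 86400
        print(f"{pw!r:34} alphabet={alphabet_size(pw):3d} "
              f"keyspace~2^{keyspace(pw).bit_length() - 1:<3d} "
              f"worst case {days:.3g} days")
    # Constructed numeric-only password: recovered in a few thousand guesses.
    print(crack_numeric_md5(md5_hex("4711")))
```

The estimate is a worst case for a dumb brute force at a fixed rate; a dictionary or rule-based attack finds "Slipknot" in far fewer guesses than its 52^8 keyspace suggests, which is the point the posts about band names and display names are making.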