Password Strength
Results 1 to 7 of 7

Thread: Password Strength

  1. #1
    Token drunken Irish guy
    Join Date
    Sep 2001
    Posts
    2,813

    Password Strength

    Just some help concerning password strength.

    Example Password= johndoe
    Weaknesses- Single case letters, No spaces, No numerals, weak
    against simple shifting algorythmic force.

    Example Password= Johndoe
    Weaknesses- No spaces, No numerals, slightly stronger against
    simple shifting algorythmic force.
    Example Password= Johndoe198
    Weaknesses- No spaces, much stronger against
    algorythmic force.

    Example Password= John Doe 292373
    Strengths- Multiple casing, Multiple spaces, Many numerals,
    Long character length, very strong against brute force.

    Example Password= Jodoe Hn 3443john
    Strengths- Multiple Casing, Multiple spaces, Many numerals,
    Very long character length, ultimately strong against
    brute forcing.

    Example Password= 23nknoOJNih23ni2
    Strengths- Multiple everything, strange combinations, Best password
    combination I can find to fight against
    Share on Google+

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324

    Talking

    If I may add a little more to that. Just for random trivia-ness, a password of 4 digits equals 10,000 combinations. A password of 6 characters (mix of digits, alphabetical and special) results in 16 million plus combinations.

    So you can see where Ennis' post, if you created a password similar to the last one the potential combinations are truly huge.

    The question remains: how to remember your password without using the magic sticky note.


    One way to help is what I call a phrase password. For example:

    2Br!=2bEt@Z?

    (aka "To be or not to be, that is the question")

    That can be one way to remember your password(s).

    Just my 0.0033 cents worth (damn exchanges rate!)
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage
    Share on Google+

  3. #3
    Old-Fogey:Addicts founder Terr's Avatar
    Join Date
    Aug 2001
    Location
    Seattle, WA
    Posts
    2,007

    Re: Password Strength

    Originally posted by Ennis
    algorythmic force
    How musical!

    I would also add that if you use a password on an NT box, due to LanMan hashes, etc. (See L0phtcrack for more info) you should not use a password that has similar parts between the first 7 digits and the last 7, because they can break these sections individually, so if one of those two sections is really easy to break, it can provide a clue to what the other section is. Here are some not-quite-right-but-close examples. Pretend you are the attacker and you have found half of it independently of the other part. Guess the missing part.

    Iamso----
    NeverGuess----
    ---SucksAsAnISP

    Answers:
    Cool
    This
    AOL

    Those weren't great examples, and don't fulfill the right numbers of digits, etc, but I thought it was worth mentioning.
    [HvC]Terr: L33T Technical Proficiency
    Share on Google+

  4. #4
    alright..this is the best way i figured to create passwords that are "unpossible" to crack. basically, you use a keyboard pattern, (not like "qwerty") but more along the lines of 0p9ol8ik. do you see the pattern? no? i thought so. here's the secret:

    1234567(8)(9)(0)
    qwertyui(o)(p)
    asdfghjk(l)
    zxcvbnm

    now look at it on your keyboard. isn't it kewl? easy to remember, yet impossibly hard to decipher.

    if you found this post helpful, please send some positive antipoints my way. thank you.
    Share on Google+

  5. #5
    Junior Member
    Join Date
    Aug 2001
    Posts
    16
    Never mind!
    Share on Google+

  6. #6
    Junior Member
    Join Date
    Nov 2001
    Posts
    13
    dfgt5, that is a truly excellent way to create a decent password. However, it is not too good if you've got someone "shoulder surfing", watching what you type.

    I found this out, because even my girlfriend could see what my password was after a few hours.

    Just turn the lights off!

    K-Line
    Share on Google+

  7. #7
    Senior Member
    Join Date
    Nov 2001
    Posts
    185

    Re: password strength

    I would just add to this that:

    Some OS's / applications truncate all characters after char=x, example, in some versions of SAP all characters after 6 are ignored.
    So be sure and know this as a password such as jOh N d_03 15 133t ,is rendered much less effective as jOh N (there is a space after N) by any OS/application that truncates passwords to 6 characters in this example.

    Special characters are sometimes not an option which rules out #,$,@,*,&,^, you get the idea. But by all means use them when available.

    Similar to my example above, (and those given by others) an easy way to remember a complex and strong password is to make it a badly spelled phrase:


    4 T 93rz r_tHE B0 mb

    ,may not be the absolute coolest password ever, but is satisfies many of the strong password characteristics mentioned above.

    Change passwords relatively often (90 days?), and don't use any of the same 3 characters together in your next password. In fact try to use no characters from your first password in your next one.

    Great post!!
    Know this..., you may not by thyself in pride claim the Mantle of Wizardry; that way lies only Bogosity without End.

    Rather must you Become, and Become, and Become, until Hackers respect thy Power, and other Wizards hail thee as a Brother or Sister in Wisdom, and you wake up and realize that the Mantle hath lain unknown upon thy Shoulders since you knew not when.

    Share on Google+

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •