March 20th, 2002 12:39 AM
Anatomy of a Password
Taken from an article by Christian Perry "Open Sesame...Not a good password"
"Passwords have long been standard fare when it comes to protecting networks, OSes, programs, and files. When a password system is in place, a user must present a valid user ID and password to gain access to the resource. The password typically doesn't display on the user's screen for security purposes; instead, round bullets or asterisks might appear in its place.
At this point, an algorithm is typically run on the password to generate a 'hash'. A hash is basically a number generated from the text and is usually much smaller thatn the text. Despite its small size, chances are incredibly slim that a set of characters that differs from the original password text (such as 'dog' instead of 'cat') will generate the same hash. The hash value is a one-way ticket, and it CAN'T be reversed to reveal the original text. In this environment, your text password disappears and shouldn't be seen again, because from now on, the computer will compare the hash created by your password to the hash it has stored for your profile. (EDIT NOTE: Hence the need to type a new password twice, to confirm the new hash without locking the user out, if mistyped) If they match, you'll recieve access to that computer or resource.
The most widely used and trusted hash algorithms are SHA-1 (Secure Hash Algorithm-revised version) and MD5 (message-digest algorithm 5). The NIST (National Institute of Standards and Technology) and NSA (National Security Agency) developed SHA (Secure Hash Algorithm). SHA-1, published in 1994, is a revision of the original version. And although SHA-1 is slower than MD5, it's generally regarded as stronger when facing brute force attacks. In 1994, MIT Professor Ronald L. Rivest developed MD5, which produces a 128-bit digital fingerprint, compared to the 160-bit fingerprint created by SHA-1.
Unfortunately, for every minute spent creating techniques to secure passwords, many more are spent devising ways to crack them. As a common security device, passwords are very likely to encounter various forms of attack, and in many cases, they lose."
TIPS ON CREATING PASSWORDS:
don't use only one type of character to create one(i.e. letters, numbers, symbols)
don't use obvious mutations(i.e. replacing letters with numbers...cracker vs. cr4ck3r)
don't use incremental changes(i.e. b1tch and b1tch1, b1tch2)
don't use any words, in any language, in any form described above, that could be found in a cracker dictionary. (i.e. if it even resembles a 'real' word or name or place, don't use it)
don't use 'QWERTY' or any other keyboard sequence
Crack tools are far more powerful than you think and can detect mutations, incremental changes, and logic sequences better than you realize...
DO use a password that YOU can barely remember without practicing it in your head..letters, numbers and symbols...no less than 6 characters...high end pass crackers can sift through 100,000 combos PER SECOND, based on the dictionary and mutations that the software uses...
"entia non sunt multiplicanda praeter necessitatem"
"entities should not be multiplied beyond necessity."
March 20th, 2002 12:50 AM
That site is the best password generator I know online.... I tried the following options:
Show Phonetics: (e.g. Alpha - Bravo - Charlie)
Include Letters: (e.g. abcdef)
Include Mixed Case: (e.g. AbcDEf)
Include Numbers: (e.g. a9b8c7d)
Include Punctuation: (e.g. !.*@#&$)
This is what I got, very good results if you ask me....
S+ac8a6o (SIERRA - Plus - alpha - charlie - Eight - alpha - Six - oscar)
2o@reChi (Two - oscar - At - romeo - echo - CHARLIE - hotel - india)
hA1i?ajE (hotel - ALPHA - One - india - Question - alpha - juliet - ECHO)
hu0#y9mO (hotel - uniform - Zero - Hash - yankee - Nine - mike - OSCAR)
wRas&EsU (whiskey - ROMEO - alpha - sierra - Ampersand - ECHO - sierra - UNIFORM)
March 20th, 2002 01:01 AM
I try to use ¢¼ as much as possible.
Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson