Lame passwords

Thread: Lame passwords

  1. #1
    Senior Member cwk9's Avatar
    Join Date
    Feb 2002
    Posts
    1,211

    Lame passwords

    Of nearly 3,300 passwords examined, the paper's authors, Ken Thompson and Robert Morris Sr., found about 17 percent consisted of three characters or less, nearly 15 percent had four characters that were a letter or a digit, and another 15 percent appeared in one of the dictionaries available at the time. In total, nearly half the passwords could be found in a search lasting less than six hours.
    THE LINK: http://zdnet.com.com/2100-1105-920092.html

    I think bad information on choosing a password holds some of the blame. Most system admins think that if you just throw a number on the end of a password it becomes uncrackable. Also many articles on choosing passwords suggest mixing up letters when in reality the password "snowboarding" is just as secure (random) as the password "zswerflpe". If you really want to give password crackers a hard time you should try a password like $/|/0\/\/B01Rd1ng (with a little alt + 255 at the end). Of course at some point you have to draw a compromise between what you can remember and what is secure.
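
An added example, not part of the original post or the cited paper: a password audit that sorts candidates into the weak categories the quoted study counted, plus the digit-suffix and character-substitution cases raised in this thread. The wordlist, the substitution table and all function names are assumptions made for illustration.

```python
import math
import string

# Constructed sample wordlist (assumption); a real audit loads a full dictionary.
WORDLIST = {"snowboarding", "password", "qwerty", "dragon", "fire"}

# Common look-alike substitutions, undone before the dictionary lookup.
LEET = str.maketrans("013457$@!", "oleastsai")

# Character pools used for the naive brute-force estimate (95 printable ASCII).
POOLS = [string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation + " "]
TAIL = string.digits + string.punctuation


def brute_force_bits(pw):
    """Naive estimate: length * log2(size of the pools the password draws on)."""
    size = sum(len(pool) for pool in POOLS if any(c in pool for c in pw))
    return len(pw) * math.log2(size) if size else 0.0


def classify(pw):
    """Return the weakest category that applies to pw."""
    if len(pw) <= 3:
        return "three characters or less"
    if len(pw) == 4 and pw.isalnum():
        return "four letters or digits"
    lowered = pw.lower()
    base = lowered.rstrip(TAIL)  # drop digits/symbols tacked on the end
    if lowered in WORDLIST:
        return "dictionary word"
    if base in WORDLIST:
        return "dictionary word plus suffix"
    if lowered.translate(LEET) in WORDLIST or base.translate(LEET) in WORDLIST:
        return "dictionary word with substitutions"
    return "not in wordlist"


def audit(passwords):
    """Map each password to (category, naive brute-force bits)."""
    return {pw: (classify(pw), round(brute_force_bits(pw), 1)) for pw in passwords}


if __name__ == "__main__":
    # Constructed inputs, including the examples quoted in the thread.
    for pw, (cat, bits) in audit(["abc", "ab12", "snowboarding", "snowboarding1",
                                  "p@$$w0rd", "zswerflpe", "UBn2gmLqo$"]).items():
        print(f"{pw:15} {bits:5.1f} bits  {cat}")
```

The length-times-charset estimate scores "snowboarding" at 56.4 bits and "zswerflpe" at 42.3, yet only the former is caught by the wordlist lookup, so a policy check needs both measures.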

  2. #2
    TechieChick
    Guest
    First visit at a new client's, booted up a workstation and the network password box popped up.
    User Name: justclickenter


    DOH

  3. #3
    Senior Member
    Join Date
    Oct 2001
    Posts
    255
    adding all that **** just makes it longer to crack, but it depends on what software you use to crack it.

    preep
    http://www.attrition.org/gallery/computing/forum/tn/youarenot.gif.html

  4. #4
    Senior Member
    Join Date
    Oct 2001
    Posts
    255
    Hey, I knew a mate from college who used qwerty as his Yahoo passwd.
    How daft is that?
    P.S. I never did anything, just told him I'd kick his ass if he didn't change it.
    :P
    preep
    http://www.attrition.org/gallery/computing/forum/tn/youarenot.gif.html

  5. #5
    AntiOnline Newbie
    Join Date
    Apr 2002
    Posts
    178
    One of my favorites is to come up with a phrase that is relevant and easy to remember and then convert it into alpha-numeric w/special characters:

    Example - Uncle Bill needs to give me large quantities of money
    Pwd - UBn2gmLqo$

    Uppercase, lowercase, alpha, numeric, special characters, 10 digit, no repeats...

    Damn - can't use that one anymore ;-)

  6. #6
    Senior Member
    Join Date
    Aug 2001
    Posts
    410
    I was browsing through the 2600 mag, the other day, and someone wrote an article about how large a brute force file would be, if it contained every imaginable password. The size of the file was in the Terabytes.

    I used to work for Circuit City, when you got hired you would get a 5 digit number, which was basically your employee number. Then you would get a new two character/digit "password" every month. Sometimes it was letters, letters+numbers, numbers. To clock in, you would have to "login" with your 5 digit number, plus the 2 digit password. Then when you went to release product, so you could take it out to the customer, you would enter in your 2 digit password, and then scan the UPC and Serial number.
    That was before they had the "access card", which does not replace the two passwords, but you must use it in conjunction with them. Which makes it considerably harder to "crack". Unless of course you lose the card, and someone else knows your 5 digit and 2 digit passwords.

    Before they issued the cards, someone (anyone, including customers) could "sell" the product if they knew a salesperson's 2 digit password. Most employees didn't and don't "logout", so they are still logged in as the active user at the kiosk.

    Just some fun tidbits.
    savIRC :: The Multi-Platform IRC Client v. 1.8 [Released 9.04.02]

  7. #7
    Senior Member
    Join Date
    Apr 2002
    Posts
    380
    I was once told using characters such as @ | could make the password hacking a challenge. I think using obscure chars is a step towards top security. Of course you aren't secure if you paste that pass on your monitor...
    Scorp666, the Infamous Orgasmatron

  8. #8
    Senior Member
    Join Date
    Oct 2001
    Posts
    385
    Here's a good site on passwords (though I haven't read the whole thing). Has a chart near the middle with password size statistics. http://www.oit.duke.edu/security/password.html
    Preliminary operational tests were inconclusive (the dang thing blew up)

    "Ask not what the kernel can do for you, ask what you can do for the kernel!"

  9. #9
    Senior Member
    Join Date
    Oct 2001
    Posts
    385

    Fun with ASCII

    Fun with the ASCII table (not even extended):

    Password:
    F!]2e & ![e:$0M3 $aY +H3 W0Rl|> wI1L 3Nd In F!]23,$0M3 $aY !N ![3.Fr0m Wh@ I'v3 +4s73|> 0F d3sIr3,! H0Ld W!7h 7h0s3 wH0 FaV0]2 fIr3.bUt If I+ Ha|> +0 p3rIsH +W![3,I +H!N|< I |<N0W 3N0UgH 0F h@3,+0 |<N0W +H@ f0r |>3$+]2u[+I0N ![3,Is 41$0 Gr3@,& W0U1|> sUfF![3.

    Original text:
    Fire and Ice

    Some say the world will end in fire,
    Some say in ice.
    From what I've tasted of desire
    I hold with those who favor fire.
    But if it had to perish twice,
    I think I know enough of hate
    To know that for destruction ice
    Is also great
    And would suffice.

    (credit to Robert Frost for poem)

    Site with nonextended and extended ASCII tables: http://www.asciitable.com/

    Imagine doing this with the Raven by Edgar Allan Poe using extended ASCII...the possibilities are endless... (For those of you who have never read it: http://www.student.virginia.edu/~ravens/raven.html )
    Preliminary operational tests were inconclusive (the dang thing blew up)

    "Ask not what the kernel can do for you, ask what you can do for the kernel!"
