
Thread: Choosing A Password

  1. #11
    Junior Member
    Join Date
    Nov 2003
    Posts
    1

    In other words...

    Hi,

    An expansion of what has already been posted is available here -

    http://geodsoft.com/howto/password/common.htm

    Good Luck,

    Emmett

  2. #12
    Sm0kinP0t: Check out that last link that Dr_Evil posted concerning your alt+ charries.

  3. #13
    Senior Member
    Join Date
    Aug 2002
    Posts
    547
    This is something that happened to me.

    A priest asked me to go and fix his computer, which is running Win XP Pro, and it's used by him and 2 other persons, but only he had admin privileges, so I told him to type his password because the user name was the name of the church and he told me, "That's all right, I'm going to say it to you, but the first and last letter are in caps." The password was SlutysluT69, and I just turned around and saw him and he told me, "I think that no one would guess that that could be my password, or what do you think?"

    And he told me he had that same password for other services. I recommended that he should change his password to be longer, with numbers mixed between letters, using more lower and upper case, and not to use the same password for different services.

    But the SlutysluT69 was a funny password LOL

  4. #14
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177

    dead horse...beat it some more...

    Ok, so obviously my posting a new tutorial thread on choosing strong passwords wouldn't be kosher, since mark has been there already. But I could still use some help, and I think the work I've done at least builds upon his (although, I didn't read his until I was done and ready to post mine.)

    I am writing a series of papers (articles for an omnibus, at some point) geared towards presenting basic security practices to the lay-person.

    I've posted the first one and would appreciate comments. I've had it reviewed by a few other people, but the more input the better. Thanks for any and all constructive criticism.

    PDF and plain text versions available.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  5. #15
    Banned
    Join Date
    Aug 2004
    Posts
    534
    "An average 2.4ghz processor can try 300,000 passwords a second under normal circumstance."

    Since the thread came back from the past I might as well ask: is the statement above true? Seems a bit excessive.

    which cracker ... what kind of algorithm/hash... what's the programming language

  6. #16
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    "An average 2.4ghz processor can try 300,000 passwords a second under normal circumstance."
    That is probably about right, but it doesn't give all the assumptions: amount and speed of RAM, FSB, HDD and so on. I guess they mean a "typical, balanced, 2.4 GHz processor machine" and I also believe that the machine is only checking passwords up to 8 characters, and is running as a dedicated machine (single task).

    which cracker ... what kind of algorithm/hash... what's the programming language
    I think that the assumption is that the application is of commercial/professional standard.

    I do not think that the algorithm/hash makes that much time difference, so long as the application is using the right one. From what I have seen, MD5 seems to be the standard by which these metrics are calculated?

    The programming language is definitely irrelevant, as you are running a binary executable?

    Important points to consider:

    1. If you don't use dictionary words, then a dictionary cracker won't work.
    2. If you want to use "pass phrases" include a bit of "foreign", slang (colloquialisms), and some spelling mistakes [Please see example below]
    3. Most readily obtainable brute force crackers stop at 8 characters, so make your password longer.
    4. The best privately available Rainbow Tables I have seen are 64Gb in size and will crack a 14 character password. So make your password 18 or better.

    That leaves you to the Feds and the Spooks, who I am sure have Rainbow Tables up to 32 character passwords if not better.

    Here is one to practice on: just create it as a password hash and try to crack it:

    "HolacoNNai$ez2bo£lockBran€<?>"

    "Hello do you know bollock brain?", so it is very easy to remember, and even contains a 1337 French grammatical error: connaisez is plural, tu (2) is singular.

    Cheers

  7. #17
    Another scenario,

    I found out that many people use their signature initials as a password. Or they even use their display name as a so-called unpredictable password.

    People may be attracted to use their favourite band's name or even a TV show. A very touching example: in one of the music forums, I used to post with one of Slipknot's fans. Later on, I discovered that his email account password was Slipknot. I emailed him and advised him to change the password and use a more sophisticated one.

    My strong recommendation is to use a mixed approach to compose a password; that is to say, using the following structure for a password won't be easy to detect: {#o6pe6th6}. Don't even try to use it to log on to my account...

    Beware of shoulder-surfers, and never let anyone observe your fingers' hits on the keyboard.....

    Cheers

  8. #18
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Thanks guys, good info.

    As for the 2.4 GHz... I'd read that in a place or two, and I believe it's in mark's original tutorial as well. Possibly the same source? As for shoulder surfing etc., I am working on several others, one of which deals specifically with PROTECTING your password (and other data); this is the reason I haven't gone into those topics in this paper.

    Thanks again for the feedback.

  9. #19
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,066
    LOL, beware of those with photographic memory...
    I am the uber duck!!1
    Proxy Tools

  10. #20
    Senior Member Falcon21's Avatar
    Join Date
    Dec 2002
    Location
    Singapore
    Posts
    252
    On my campus, I always see a lot of students typing in their password using only the number pad on the keyboard, meaning that their password consists of only numbers... It is very insecure to use only numbers since it can be cracked too quickly...
