-
Perfect password?
The other day a few friends and I were having a discussion on the perfect password. I was a student administrator for our school's computer lab (I just graduated) and was in charge of passwords. So I challenged other students to crack my passwords. Well, they were all trying things like lc4 and programs like it that rely on dictionary attacks; they never got it, so we started to discuss how to make a perfect password. We came up with that the perfect password should include uppercase letters, lowercase letters, numbers, and symbols. The problem with this is that a good brute force attack should be able to crack this. So I ask: how do I make the perfect password?
-
A good brute forcer?
hwi79Yhi[34-[[768WIH
It will take around 1,000,000 years to crack that. A good password is, as you mentioned, one which mixes uppercase, lowercase, symbols and numbers and is 6+ characters long. These passwords are extremely secure, and if used correctly, cannot be cracked during a useful time period.
-
You might also consider changing the password every now and again. That way even if someone had the resources (... NSA ...), so long as you changed the password before they broke it, you'd never be vulnerable.
-
I don't believe there is such a thing as a perfect password. It's like saying there is unbreakable cryptography. Somewhere, something will break it. Using letters (uppercase and lowercase), numbers and symbols in combination is always a good thing and the longer, the better. Certainly a brute force will break it but make it longer and harder for them to do so. In addition, change your password regularly. Every 3-5 months is a good rule of thumb for most companies.
-
In addition to Uppercase letters, lowercase letters, numbers, and symbols...
I also think it is a good idea to use different ASCII chars that are not found on a keyboard... they are easy to enter and they make it a bit harder to crack.
I have tested it with several programs on my password files... given enough time... I'm sure that they will get it... I've let crackers run on my pwd files for a week at a time and it never found any full password with those chars.
To enter different ASCII chars in m$... hold alt and type the number that you want...
¿ = (hold)Alt then type 1,6,8 (let go of Alt)
╚ = (hold)Alt then type 4,5,6
Ä = (hold)Alt then type 6,5,4
ô = (hold)Alt then type 1,4,7
etc.... you get the idea.
I'm not saying to make the whole password like that... cause it'd be a pain to enter... but one at the beginning and one at the end... or mixed between
I can't figure out how to enter those chars in linux yet... so if anyone knows... please post!
-
phishphreek80,
I thought that not all systems will accept the alt codes or will interpret them incorrectly?
-
ALT codes won't work everywhere (and some alt codes will only work on the command line) but for a Windows or Unix password they are a very good idea.
One other note to remember is that a completely random password may be worse, as it will be harder for you to remember, thus causing you to write it down, losing its security.
-
Well, personally I always found taking a phrase (about 25-40 characters long) out of a book you like, putting the phrase into one long 'word' and then mixing in some numbers, upper and lower case letters along with a few numbers to be reasonable enough.... fairly easy to remember (assuming you pick a book you do like) and relatively difficult to brute force.
Having said all of that, when quantum computers become available you can kiss goodbye to any password and algorithm you like no matter how long/difficult it is - unless quantum crypto becomes available at the same time.
Z
-
"well personally I always found taking a phrase (about 25-40 characters long) out of a book you like" That would be good, Zoonwalker, but subbing numbers for words would work also.
example: for--4
-
Hey, well, a password of 12 characters, letters and numbers and case sensitive, is considered "government security" as it is the length of government passwords. Anyway, a password this length that doesn't really make out anything, i.e. s4Gs91eIaX71, is going to take even on the best brute force program a minimum of 3 months constant running to crack it... pretty good, I'd say....
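-
The posts above trade estimates based on length and character classes. As an added example (not written by any poster in this thread), the Python below computes the exhaustive-search keyspace for the two sample passwords quoted in the thread, so a password policy can be checked with numbers. The guess rate, the 128-character pool for non-keyboard characters and the constructed 6-character sample are assumptions.

```python
import math
import string

# Assumption: offline guess rate; a placeholder, not a figure from the thread.
ASSUMED_GUESSES_PER_SECOND = 1e10
# Assumption: any non-ASCII (e.g. Alt-code) character adds one 128-symbol pool.
EXTENDED_POOL = 128
CLASSES = [set(string.ascii_lowercase), set(string.ascii_uppercase),
           set(string.digits), set(string.punctuation + " ")]


def alphabet_size(password):
    """Size of the union of the character classes the password draws from."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    if any(ord(c) > 127 for c in password):
        size += EXTENDED_POOL
    return size


def keyspace_bits(password):
    """Upper bound in bits; only reached if every character was picked at random."""
    size = alphabet_size(password)
    return len(password) * math.log2(size) if size else 0.0


def years_to_exhaust(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Worst-case years to try every string of this length over this alphabet."""
    candidates = alphabet_size(password) ** len(password)
    return candidates / rate / (365.25 * 24 * 3600)


def report(passwords, rate=ASSUMED_GUESSES_PER_SECOND):
    """One row per password: (password, alphabet, bits, worst-case years)."""
    return [(pw, alphabet_size(pw), round(keyspace_bits(pw), 1),
             years_to_exhaust(pw, rate)) for pw in passwords]


if __name__ == "__main__":
    samples = [
        "aB3$xZ",                # constructed: 6 chars, all four classes
        "s4Gs91eIaX71",          # 12-char sample quoted in the thread
        "hwi79Yhi[34-[[768WIH",  # 20-char sample quoted in the thread
        "\u00bfaB3$xZ",          # constructed: the 6-char sample plus one Alt-code char
    ]
    for pw, size, bits, years in report(samples):
        print(f"{pw!r:26} alphabet={size:3d} bits={bits:6.1f} years={years:.3g}")
```

The figures are upper bounds: a password built from a book phrase or from word-to-number substitutions has far less entropy than its length and alphabet suggest, because an attacker can search those patterns first.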