On Password Strength
#1
On Password Strength
My latest article (containing SCIENCE) about password strength, and how to create stronger (and memorable) passwords.

http://cryptogasm.com/2012/03/on-password-strength/

Since a lot of this article was responding to someone else, I'll be writing a more in-depth one about the objections raised to my proposed password scheme.
Reply
#2
RE: On Password Strength
I'm bathing in 34 fish, HORRID FISHING DAY.

Seriously... if I have 8 nets relegated to me to pick, and in those nets I catch only 34 fish... then it's something like 4 fish a net.

THAT IS WORTHLESS FISHING! CRIKEY!
Please give me a home where cloud buffalo roam
Where the dear and the strangers can play
Where sometimes is heard a discouraging word
But the skies are not stormy all day
Reply
#3
RE: On Password Strength
Aw, Lily. Sad

My passwords suck. Wink
Reply
#4
RE: On Password Strength
(March 28, 2012 at 1:50 pm)Shell B Wrote: Aw, Lily. Sad

My passwords suck. Wink

Hey now... it's better than getting skunked in every net. 34 > 0 every day.

My passwords lick. Interested? Wink
Please give me a home where cloud buffalo roam
Where the dear and the strangers can play
Where sometimes is heard a discouraging word
But the skies are not stormy all day
Reply
#5
RE: On Password Strength
OK, so I'm going to have to give up 12345 as my password. I think I'll start using qwerty instead. Much more secure.
OK, so they talk about computers being able to hack passwords in incredibly short amounts of time, but let's say they're trying to hack my Yahoo email account, for instance. They'd either have to type in every password the computer comes up with, or else have some way the computer automatically enters each password. Either way will take quite a bit of time, given the time it will take the data to flow back & forth through the internet and the time it will take the server to check the login/password combination. Of course the computer will be faster, but I don't think they'd be able to hack an online email account password in 35 seconds.
Christian apologetics is the art of rolling a dog turd in sugar and selling it as a donut.
Reply
#6
RE: On Password Strength
(March 28, 2012 at 2:01 pm)Doubting Thomas Wrote: OK, so I'm going to have to give up 12345 as my password. I think I'll start using qwerty instead. Much more secure.

I have the same combination on my luggage....
Self-authenticating private evidence is useless, because it is indistinguishable from the illusion of it. ― Kel, Kelosophy Blog

If you’re going to watch tele, you should watch Scooby Doo. That show was so cool because every time there’s a church with a ghoul, or a ghost in a school. They looked beneath the mask and what was inside?
The f**king janitor or the dude who runs the waterslide. Throughout history every mystery. Ever solved has turned out to be. Not Magic.
― Tim Minchin, Storm
Reply
#7
RE: On Password Strength
No, and I covered that in the article. I was talking about attacks on stolen password hashes. An attack on an actual Yahoo server would probably bring up lots of red flags for the sysadmin, who would see the attack and quickly shut it down (blocking the IP, disabling the account temporarily, etc).

However, if Yahoo's database gets hacked, and your password hash is stolen, your password will get broken if it is not secure enough.
Reply
#8
RE: On Password Strength
(March 28, 2012 at 2:01 pm)Doubting Thomas Wrote: OK, so I'm going to have to give up 12345 as my password. I think I'll start using qwerty instead. Much more secure.

This was cute... why couldn't you have left it at that? Thinking
Please give me a home where cloud buffalo roam
Where the dear and the strangers can play
Where sometimes is heard a discouraging word
But the skies are not stormy all day
Reply
#9
RE: On Password Strength
I used to use "password" as my password, and when I realized that wasn't very smart, I changed it to "mypassword1".

Take that, hackers!
Reply
#10
RE: On Password Strength
OK, I guess I'm not up on what exactly a "hash" is.

Oh and I think I'll start spelling out my passwords in Morse code. Take that hackers!
Christian apologetics is the art of rolling a dog turd in sugar and selling it as a donut.
Reply


