[4085] in Privacy_Forum
[ PRIVACY Forum ] Cracking tough passwords
daemon@ATHENA.MIT.EDU (PRIVACY Forum mailing list)
Mon May 27 23:42:14 2013
Date: Mon, 27 May 2013 20:23:38 -0700
To: privacy-list@vortex.com
Message-ID: <20130528032338.GB15724@vortex.com>
From: PRIVACY Forum mailing list <privacy@vortex.com>
Cracking tough passwords
Anatomy of a hack: How crackers ransack passwords like "qeadzcwrsfxv1331"
http://j.mp/ZpFVpH (ars technica)
"For Ars, three crackers have at 16,000+ hashed passcodes -- with 90
percent success."
- - -
A few things to note here. First, longer passwords composed of
nonsense (no words!) alphanumeric sequences are still relatively
secure from this form of attack. Second, this attack requires direct
access to a ripped off hash password table -- it isn't practical via
normal login channels, and the encoding needs to have been done with a
weaker algorithm (by today's standards, anyway). And of course, if
you're using two-factor authentication properly (with a well
implemented two-factor system), the password won't do the attacker any
good anyway -- unless you've also used it on other systems that don't
have two-factor authentication, that is!
--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
Founder:
- Network Neutrality Squad: http://www.nnsquad.org
- PRIVACY Forum: http://www.vortex.com/privacy-info
- Data Wisdom Explorers League: http://www.dwel.org
- Global Coalition for Transparent Internet Performance: http://www.gctip.org
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://vortex.com/g+lauren / Twitter: http://vortex.com/t-lauren
Tel: +1 (818) 225-2800 / Skype: vortex.com
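
Added example (not part of the original post): the point about weaker hash algorithms, shown as an unsalted single-round MD5 record beside a salted, iterated PBKDF2 record with constant-time verification. The function names, the record format, the 600,000-iteration work factor and the 36-symbol alphabet are assumptions chosen for illustration.

```python
import hashlib
import hmac
import math
import secrets

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware budget


def weak_record(password: str) -> str:
    """Unsalted single-round MD5: the fast kind of hash offline guessing thrives on."""
    return hashlib.md5(password.encode()).hexdigest()


def strong_record(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Per-user random salt plus an iterated KDF, stored as alg$iters$salt$hash."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and work factor; compare in constant time."""
    try:
        alg, iters, salt_hex, dk_hex = record.split("$")
        if alg != "pbkdf2_sha256":
            return False
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk, bytes.fromhex(dk_hex))
    except ValueError:  # malformed record: wrong field count, bad hex, bad count
        return False


def keyspace_bits(length: int, alphabet_size: int = 36) -> float:
    """Bits of search space for a uniformly random string (not a word-based one)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    pw = "constructed-sample-password"  # constructed sample value
    print(weak_record(pw) == weak_record(pw))      # equal passwords, equal hashes
    print(strong_record(pw) == strong_record(pw))  # fresh salts, records differ
    print(verify(pw, strong_record(pw)))
    print(f"{keyspace_bits(16):.1f} bits for 16 random [a-z0-9] characters")
```

The keyspace estimate holds only for strings drawn uniformly at random; it says nothing about passwords built from words or patterns.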