I was just wondering if the xkcd Password Generator actually does what it says.
And could be used for passwords.
It is here: preshing.com/20110811/xkcd-password-generator/
Pass phrases actually aren't a bad idea; sure, a dictionary hack could eventually get it. Toss an ASCII character in there at the end and the chance of that password ever being cracked this way is not going to happen. If they get the hashes of the passwords by stealing the database, that is a whole other problem.
I think a better question is what awful setup is allowing 1000 guesses a second. A captcha should appear after 5 guesses with a wait timer past 10 guesses.
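The thresholds in the post above (captcha after 5 failed guesses, a wait timer past 10) written out as a per-account throttle; this is an added example, not code from the thread. The 30-second starting wait, its doubling, the one-hour cap and all names are assumptions.

```python
from dataclasses import dataclass

CAPTCHA_AFTER = 5    # from the post: captcha after 5 failed guesses
WAIT_AFTER = 10      # from the post: wait timer past 10 failed guesses
BASE_WAIT = 30.0     # assumption: first enforced wait, in seconds
MAX_WAIT = 3600.0    # assumption: cap on a single wait, in seconds

@dataclass
class _State:
    failures: int = 0
    locked_until: float = 0.0

class LoginThrottle:
    """Per-account failure counter; `now` is passed in so the logic is testable."""
    def __init__(self):
        self._accounts = {}

    def check(self, account, now, captcha_solved=False):
        """Return 'wait', 'captcha' or 'allow' before any password is compared."""
        s = self._accounts.setdefault(account, _State())
        if now < s.locked_until:
            return "wait"
        if s.failures >= CAPTCHA_AFTER and not captcha_solved:
            return "captcha"
        return "allow"

    def record(self, account, now, success):
        """Record an attempt's outcome; return the wait in seconds it triggers."""
        s = self._accounts.setdefault(account, _State())
        if success:
            s.failures, s.locked_until = 0, 0.0
            return 0.0
        s.failures += 1
        if s.failures <= WAIT_AFTER:
            return 0.0
        doublings = min(s.failures - WAIT_AFTER - 1, 20)  # clamp the exponent
        wait = min(BASE_WAIT * 2 ** doublings, MAX_WAIT)
        s.locked_until = now + wait
        return wait

def guesses_possible(window_seconds):
    """Wrong guesses one account accepts in the window from a client that
    solves every captcha and retries the instant each wait expires."""
    throttle, now, made = LoginThrottle(), 0.0, 0
    while now < window_seconds:
        if throttle.check("alice", now, captcha_solved=True) != "allow":
            break
        now += throttle.record("alice", now, success=False)
        made += 1
    return made
```

At 1000 guesses a second one day allows 86,400,000 guesses; under this policy `guesses_possible(86400)` is 40. Counting per account lets anyone lock a known username out, so deployments usually also count per source address.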
You'd be surprised how terrible security is in major places. Many banks, government websites etc.
Ah thanks for that.
Since it is a new year I'm wanting to improve all passwords across my accounts. Is the Firefox Master system good for keeping track of passwords?
This is a legacy account, meaning it is no longer active
Use a long string of numbers and letters (upper and lower case) if you wanna be really secure, and don't store your passwords digitally; get a damn notebook.
Using a bunchofwordslikethis is probably easily subject to dictionary attacks.
Got it, thanks. I will be using paper from now on.
This leads to shorter passwords, because remembering 8 or so 12 digit passwords is crazy. Keeping a physical list of all your passwords is not exactly secure.
This is a very basic look at it and there are whole other ways to find passwords.
This is a fairly typical 8 digit password someone might use.
Ah8ERRaS
This is a passphrase someone might use.
manyrabbitsflyinglargeaircraft
For the first number there are 62 possible combinations per one character of length.
So there is a max of 218340105584896 combinations it could be.
It has 34.9 bits of entropy.
How about a dictionary hack on the passphrase?
"A 1995 study shows that junior-high students would be able to recognize the meanings of about 10,000-12,000 words, while for college students this number grows up to about 12,000-17,000 and for elderly adults up to about 17,000-21,000 or more." http://en.wikipedia....wiki/Vocabulary
So let's assume this word list has 21,000 of the most common English words.
The total number of possible guesses there could be in a 5 word dictionary phrase is:
4084101000000000000000
That is 71.79 bits of entropy; this is considerably harder to crack than the above 8 letter password.
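The arithmetic in the post above as an added example (not code from the thread): keyspace, bits as log2 of the keyspace, and years to exhaust at the 1000 guesses a second mentioned in the thread. log2 of the 62^8 count is about 47.6 bits and log2 of 21,000^5 is 71.79; both figures hold only when every character or word is picked uniformly at random, which is what the generator does. The sample word list and all function names are constructed.

```python
import math
import secrets

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def keyspace(choices: int, length: int) -> int:
    """Equally likely secrets when each of `length` slots is drawn from `choices`."""
    return choices ** length

def entropy_bits(space: int) -> float:
    """Bits of entropy of a uniform choice among `space` secrets."""
    return math.log2(space)

def years_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Time to try every candidate; on average the hit comes at half of this."""
    return space / guesses_per_second / SECONDS_PER_YEAR

def generate_passphrase(wordlist, words=5, sep=""):
    """Pick words uniformly with a CSPRNG so the keyspace estimate applies."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("duplicate words shrink the real keyspace")
    return sep.join(secrets.choice(wordlist) for _ in range(words))

def report(label, choices, length, rate=1000):
    """Summarise one password model at `rate` guesses per second."""
    space = keyspace(choices, length)
    return {"label": label, "keyspace": space,
            "bits": round(entropy_bits(space), 2),
            "years": years_to_exhaust(space, rate)}

# Constructed sample list; the post assumes a 21,000-word list instead.
SAMPLE_WORDS = ["many", "rabbits", "flying", "large",
                "aircraft", "quiet", "stone", "river"]

if __name__ == "__main__":
    for row in (report("8 chars from 62", 62, 8),
                report("5 words from 21,000", 21000, 5)):
        print(f"{row['label']:<22}{row['keyspace']:>24} "
              f"{row['bits']:>6} bits {row['years']:.3g} years")
    print(generate_passphrase(SAMPLE_WORDS, sep="-"))
```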
They don't even need physical access with a RAT or something.
RATs in home computers are pretty uncommon nowadays. Phishing and trojans are far easier to set up, easier to keep undetected, and MUCH cheaper in the underground market.
True, but it's still a threat, and there are still plenty of crackers who can make the RAT themselves.
To expand on my earlier point: sure, a random assortment of ASCII symbols, letters and numbers at 20 digits is more secure than a 20 digit passphrase. This is ignoring the human aspect; especially in enterprise setups, users tend to just write their passwords down and stick them to the monitor if they are hard.
They enable long, easy-to-remember passwords. They also tend to be easier to type in on a smartphone or anything with a nonphysical keyboard.
Yes, as an ASCII character would extend the size of the dictionary it has to search. Personally I think using a character from an uncommon language (such as Greek) would exorbitantly increase the safety. Would also be easier to remember than an ASCII character.
Feel free to PM me about any concerns, corrections, or questions.
I do redstone, pvp, light map making, enjoy sweet tea, and I'm a Leo.
If I helped, Up-vote my post please. Quote me if you require my attention.
According to the comic it says that it would take 550 years at 1000 guesses a second. Is that anything to do with a dictionary attack?
No, the comic assumes brute force attack.
Just so you know, hide that paper.
fm87! Don't worry, it is in a notebook. It is in a drawer under like a whole bunch of other notebooks. OK hiding spot?
If someone has physical access to your computer, they are getting into your accounts even without that info.
And no, no one would waste their time on a RAT unless it was for a specific purpose. They are EXTREMELY difficult to create.
http://ask.metafilter.com/193052/Oh-Randall-you-do-confound-me-so#2779020