Author Topic: Is this true?
vn_jurojin 
Title: Insolent Insomniac
Posts: 9,633
Registered: Dec 20, '01
Real Post Cnt: 9,526
User ID: 559,342
Subject: Is this true?
http://xkcd.com/936/

And if so, why is everyone else on the planet wrong?

 

-----signature-----
(none)
Aerlinthian 
Posts: 66,222
Registered: May 7, '01
Real Post Cnt: 65,491
User ID: 94,919
Subject: Is this true?
That is rather interesting. I won't change my password strategy because there is no need to but if I were to, I would consider this strategy.

 

-----signature-----
(none)
Steelwind_Oo 
Title: Lurking Oo
Posts: 32,879
Registered: Sep 30, '00
Real Post Cnt: 31,007
User ID: 46,829
Subject: Is this true?
It makes a lot of assumptions to try to prove a point, but yeah, if you formatted your passwords exactly like described in the comic and they knew you formatted your password exactly like that, then it would be easier to crack. That said, most people do just use one word in leet speak and think they are good. Mine are sorta like that but with more variables that would make it much harder.

Even then looking at the comic it seems off in how it accounts for the variables. For example they assign 3 bits for common substitutions when in reality it could be more than that since there are more possible substitutions and some words have more substitutable letters than others. A word with more 'leetable' letters would be considerably harder.

A random string of words works if it is truly random otherwise a little knowledge about the user or their environment could build a pretty solid dictionary or even a common dictionary style attack. That of course assumes you know roughly how many words are used too but that could be guessed, or at least restricted, based on password length requirements for the system in question.

 

-----signature-----
'God is an imaginary friend for grownups.', Walter Crewes (Morgan Freeman), The Big Bounce
Don't be afraid to ask dumb questions they're easier to handle than dumb mistakes!
Xbox 360 Gamer Tag: SteelwindOo
e93% a53% s33% k13%
Marzuk 
Posts: 12,545
Registered: Oct 21, '02
Real Post Cnt: 12,348
User ID: 729,742
Subject: Is this true?
http://www.codinghorror.com/blog/2005/07/passwords-vs-pass-phrases.html

I'd say it's correct in the general idea; though it may be a bit off on the math, the theory is sound.

It's mostly academic anyway. Any *reasonable* login will cut you off after 10 or so attempts, so your ability to try a massive number of passwords is pathetic. The calculations all assume you can do the attempts instantly.

As a side note, I see your comic about password security and raise you:

http://xkcd.com/538/

 

-----signature-----
(none)
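The two points raised above, Steelwind_Oo's (the comic's flat 3 bits for substitutions ignores how many leetable letters a word has) and Marzuk's (the crack-time figures assume unthrottled guessing), can be put into numbers. The following is an added example written for this thread, not code from the comic or from any poster. It uses the comic's own entropy budget (16-bit base word, 1 bit caps, 3 bits numeral, 4 bits punctuation, 1 bit order; 11 bits per word from a 2048-word list) and the comic's 1000 guesses/sec; the throttled and fast-hash guess rates are constructed assumptions for comparison.

```python
import math

# Guess rates. The 1000/sec figure is the comic's; the other two are
# constructed assumptions for this example.
COMIC_GUESSES_PER_SEC = 1000.0
THROTTLED_ONLINE_PER_SEC = 10 / 60      # assumption: ~10 tries a minute after lockouts/CAPTCHAs
FAST_UNSALTED_OFFLINE_PER_SEC = 1e10    # assumption: unsalted fast hash on cracking hardware

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def leet_word_bits(base_word_bits=16, leetable_letters=3, alternatives_per_letter=1,
                   caps_bits=1, numeral_bits=3, punctuation_bits=4, order_bits=1):
    """Entropy (bits) of the 'one word in leet speak plus decorations' scheme.

    The comic charges a flat 3 bits for 'common substitutions'. Here that term
    scales with the word: each leetable letter is either left alone or replaced
    by one of `alternatives_per_letter` forms, i.e. log2(alternatives + 1) bits
    per letter. The defaults (3 leetable letters, 1 alternative each) reproduce
    the comic's 28-bit total.
    """
    substitution_bits = leetable_letters * math.log2(alternatives_per_letter + 1)
    return (base_word_bits + caps_bits + substitution_bits
            + numeral_bits + punctuation_bits + order_bits)


def passphrase_bits(words=4, dictionary_size=2048):
    """Entropy (bits) of `words` words drawn uniformly at random from a word list.

    Only uniform random choice earns these bits: a phrase built from facts
    about the user is a dictionary attack target, not a random string.
    """
    return words * math.log2(dictionary_size)


def crack_seconds(bits, guesses_per_sec):
    """Time to exhaust the whole keyspace, as the comic counts it."""
    return (2 ** bits) / guesses_per_sec


def crack_years(bits, guesses_per_sec):
    return crack_seconds(bits, guesses_per_sec) / SECONDS_PER_YEAR


def comparison_table():
    """Return {scheme: {rate_name: years}} for the schemes and rates above."""
    schemes = {
        "comic leet word (28 bits)": leet_word_bits(),
        "leet word, 5 leetable letters x 2 alternatives": leet_word_bits(
            leetable_letters=5, alternatives_per_letter=2),
        "4 random words (44 bits)": passphrase_bits(),
    }
    rates = {
        "throttled online": THROTTLED_ONLINE_PER_SEC,
        "comic 1000/sec": COMIC_GUESSES_PER_SEC,
        "fast unsalted offline": FAST_UNSALTED_OFFLINE_PER_SEC,
    }
    return {name: {rn: crack_years(bits, r) for rn, r in rates.items()}
            for name, bits in schemes.items()}


if __name__ == "__main__":
    for scheme, rows in comparison_table().items():
        print(scheme)
        for rate_name, years in rows.items():
            print(f"  {rate_name:24s} {years:14.4g} years")
```

The table makes both arguments visible at once: against an online login that throttles to a few guesses a minute even the 28-bit scheme takes decades, while against an offline dump hashed with a fast unsalted function the 44-bit passphrase falls in under an hour. Which guess rate applies is decided by how the site stores and guards its password database, not by the user.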
vn_jurojin 
Title: Insolent Insomniac
Posts: 9,633
Registered: Dec 20, '01
Real Post Cnt: 9,526
User ID: 559,342
Subject: Is this true?
^ lol

 

-----signature-----
(none)
Jyiiga 
Title: The MMO Snob
Posts: 8,094
Registered: Mar 15, '01
Real Post Cnt: 7,966
User ID: 74,827
Subject: Is this true?
More or less correct, but as someone already pointed out, just about everything limits your number of wrong replies.

After 4-5 guesses they either lock your account or you get those image verification thingies.

 

-----signature-----
What ads? https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/
Seffrid 
Title: Ancient One
Posts: 13,210
Registered: Dec 21, '01
Real Post Cnt: 12,930
User ID: 567,791
Subject: Is this true?
Guesswork is so last season where password hacking is concerned. Far better to steal the entire password database instead - and in those circumstances the idea of one password being "strong" while another password is "weak" is a joke.

 

-----signature-----
(none)
Karsus_the_Great 
Title: This is a title.
Posts: 1,359
Registered: Apr 12, '03
Real Post Cnt: 1,331
User ID: 790,358
Subject: Is this true?
Seffrid posted:
Guesswork is so last season where password hacking is concerned. Far better to steal the entire password database instead - and in those circumstances the idea of one password being "strong" while another password is "weak" is a joke.


Sadly this, which is why FDE is so much of a requirement.

You should be getting your passwords from this, or something like it.



 

-----signature-----
I know I'm going to hell, I'll bring marshmallows.
Caldari. The only race in Eve that does not fly its own ships.
Karsus the Great - lvl 240+ Original BM(retired)
Lonestar_1 
Posts: 4,224
Registered: Aug 26, '04
Real Post Cnt: 3,775
User ID: 960,112
Subject: Is this true?
The best thing you can do is not use the same password everywhere, even vary your account name if you're that worried. And make sure you try not to use any personal info when creating the passwords.

This limits the damage of a compromised account to just that location.

 

-----signature-----
http://gimpchimp.etilader.com/display.php?user=lonestarr
3500+ solo kills & Lone Enforcer
WAR - IronRock Dest- Energist, Moogabooga
SWTOR - KV - Energist, Moogabooga
Marzuk 
Posts: 12,545
Registered: Oct 21, '02
Real Post Cnt: 12,348
User ID: 729,742
Subject: Is this true?
Seffrid posted:
Guesswork is so last season where password hacking is concerned. Far better to steal the entire password database instead - and in those circumstances the idea of one password being "strong" while another password is "weak" is a joke.


Depends on how the password was stored. Proper hash + salt is going to at least make it prohibitive to recover passwords from a database dump. And I'm not talking an MD5.

 

-----signature-----
(none)
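What "proper hash + salt, not MD5" means in practice, as an added example for this thread (not code from any poster): the weak scheme stores one fast unsalted MD5 digest, so every user with the same password gets the same row and the whole dump can be attacked at hardware speed; the better scheme stores a per-user random salt and a deliberately slow PBKDF2-HMAC-SHA256 digest, so each row must be attacked separately and each guess costs thousands of hash computations. The iteration count, salt length and the `algo$iterations$salt$hash` record layout are constructed choices for this example.

```python
import hashlib
import hmac
import os
from collections import defaultdict
from typing import Optional

# Constructed parameters for this example. Real deployments tune the
# iteration count to their hardware and store it with each record so it can
# be raised later without invalidating existing hashes.
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16


def store_md5(password: str) -> str:
    """The weak scheme the post warns against: one unsalted, fast hash."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def store_salted(password: str, salt: Optional[bytes] = None,
                 iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted, slow hash recorded as 'pbkdf2_sha256$iterations$salt_hex$hash_hex'.

    A fresh random salt is drawn per password, so two users with the same
    password get different records and a precomputed table is useless.
    """
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_salted(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        algo, iterations, salt_hex, hash_hex = stored.split("$")
        salt = bytes.fromhex(salt_hex)
        rounds = int(iterations)
    except ValueError:
        return False            # malformed record: never treat as a match
    if algo != "pbkdf2_sha256" or rounds <= 0:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(digest.hex(), hash_hex)


def shared_hash_groups(records):
    """Given (user, hash) rows from a dump, return groups of users whose rows are identical.

    With unsalted MD5 this exposes password reuse across accounts before a
    single guess is made; with salted records every group has one member.
    """
    by_hash = defaultdict(list)
    for user, digest in records:
        by_hash[digest].append(user)
    return sorted(users for users in by_hash.values() if len(users) > 1)


if __name__ == "__main__":
    # Constructed sample accounts; two of them share a password.
    accounts = [("alice", "correct horse"), ("bob", "correct horse"), ("carol", "Tr0ub4dor&3")]
    md5_dump = [(u, store_md5(p)) for u, p in accounts]
    salted_dump = [(u, store_salted(p)) for u, p in accounts]
    print("MD5 dump reveals shared passwords:", shared_hash_groups(md5_dump))
    print("Salted dump reveals:", shared_hash_groups(salted_dump))
    print("Login check:", verify_salted("correct horse", salted_dump[0][1]))
```

Salting does not make a weak password strong: a single row can still be guessed offline, just at the cost of one PBKDF2 run per guess rather than one MD5, and without the "same password, same hash" shortcut across the whole table.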
_Kewk_ 
Title: Sith Lord
Posts: 10,167
Registered: Dec 17, '02
Real Post Cnt: 9,952
User ID: 749,729
Subject: Is this true?
vn_jurojin posted:
Is this true?



Prolly not.

 

-----signature-----
(none)
Lithium_Power 
Title: I want my icon back....
Posts: 8,214
Registered: Dec 6, '01
Real Post Cnt: 8,111
User ID: 534,650
Subject: Is this true?
Yes, we've made passwords easy for machines to figure out but hard for us to remember.

 

-----signature-----
_Kewk_ 
Title: Sith Lord
Posts: 10,167
Registered: Dec 17, '02
Real Post Cnt: 9,952
User ID: 749,729
Subject: Is this true?
Lithium_Power posted:
Yes, we've made passwords easy for machines to figure out but hard for us to remember.


I have way too many passwords sad there's no way I can remember every password.

 

-----signature-----
(none)
Ookane 
Title: Moderator
Posts: 7,677
Registered: Oct 15, '02
Real Post Cnt: 7,539
User ID: 727,456
Subject: Is this true?
This just in, longer passwords are harder to crack!

As others have said, without knowing the formatting (last 2 chars are always random or arbitrary), there is no way to attack the first one aside from brute force, same as the second one. Doing this will mean the longer the password, the more iterations, and the harder to crack.

As for the second part of the comic, difficulty to remember - I have 5 passwords, all different, which are at least 12 characters long, have to have 2 lower case, 2 caps, 2 numbers, and 2 special characters in them,  and change every 60 days.  I have no issues remembering them.  Maybe the real topic of the comic was to say "Many people who use PC's are not very smart?"    

 

-----signature-----
WoW - Lightbringer server
For the HORDE!!!
Lannai 
Posts: 2,526
Registered: Oct 7, '04
Real Post Cnt: 1,963
User ID: 973,906
Subject: Is this true?
Ookane posted:
This just in, longer passwords are harder to crack!



As for the second part of the comic, difficulty to remember - I have 5 passwords, all different, which are at least 12 characters long, have to have 2 lower case, 2 caps, 2 numbers, and 2 special characters in them,  and change every 60 days.  I have no issues remembering them.  Maybe the real topic of the comic was to say "Many people who use PC's are not very smart?"    



Or maybe smart people have WAY better things to do with their time...than coming up with a complicated password scheme on a 60 day rotation just to insult everyone else that finds the current system of passwords a bit cumbersome.

And on a side note, I CURRENTLY have at least a dozen pins/passwords/doorcodes in my daily life that couldn't remotely fit into your "system." On a weekly basis, I use 20-30 codes/keys/passwords/etc for work alone. But then...I'm probably stupid for not wanting to remember 5 more passwords with 12 characters of upper and lower case, numbers, and special characters which last 2 months max. sick

 

-----signature-----
Lannai
Fidenian
Ravynmagi 
Title: Moderator
Posts: 29,978
Registered: Dec 23, '01
Real Post Cnt: 29,452
User ID: 572,278
Subject: Is this true?
Ookane posted:
This just in, longer passwords are harder to crack!

As others have said, without knowing the formatting (last 2 chars are always random or arbitrary), there is no way to attack the first one aside from brute force, same as the second one. Doing this will mean the longer the password, the more iterations, and the harder to crack.

As for the second part of the comic, difficulty to remember - I have 5 passwords, all different, which are at least 12 characters long, have to have 2 lower case, 2 caps, 2 numbers, and 2 special characters in them,  and change every 60 days.  I have no issues remembering them.  Maybe the real topic of the comic was to say "Many people who use PC's are not very smart?"    


If it was just 5 passwords to remember, maybe I could be okay with that. But who has only 5 passwords? I have dozens, probably hundreds of passwords. There is no way I'm remembering each one.

So I see people recommend having a pattern that integrates the website or service name into the password somehow. Which I tried, but even that just got complicated to manage and remember.

I've given up. I now entrust most of my passwords to a password manager.

 

-----signature-----
(none)
Steelwind_Oo 
Title: Lurking Oo
Posts: 32,879
Registered: Sep 30, '00
Real Post Cnt: 31,007
User ID: 46,829
Subject: Is this true?
Heh, I have way too many passwords. It is a liability of the job. At the same time I have to deal with confidential information for clients and am always on the go. I just have a USB thumb drive that I keep around my neck that is encrypted with all the sensitive stuff on it, and yes, that password is not going to be cracked any time soon, lol.

 

-----signature-----
'God is an imaginary friend for grownups.', Walter Crewes (Morgan Freeman), The Big Bounce
Don't be afraid to ask dumb questions they're easier to handle than dumb mistakes!
Xbox 360 Gamer Tag: SteelwindOo
e93% a53% s33% k13%
Akza 
Posts: 10,121
Registered: Sep 8, '02
Real Post Cnt: 9,783
User ID: 713,614
Subject: Is this true?
Ookane posted:
This just in, longer passwords are harder to crack!

As others have said, without knowing the formatting (last 2 chars are always random or arbitrary), there is no way to attack the first one aside from brute force, same as the second one. Doing this will mean the longer the password, the more iterations, and the harder to crack.

As for the second part of the comic, difficulty to remember - I have 5 passwords, all different, which are at least 12 characters long, have to have 2 lower case, 2 caps, 2 numbers, and 2 special characters in them,  and change every 60 days.  I have no issues remembering them.  Maybe the real topic of the comic was to say "Many people who use PC's are not very smart?"    


Whar is tinfoil hat?

I just use lastpass... don't have to remember any passwords save for one extremely complicated one.

 

-----signature-----
·»Teydis ¤ Igraine«·
·»»·“ ¤Herra¤ ”·««·
http://www.backloggery.com/teylix
Ookane 
Title: Moderator
Posts: 7,677
Registered: Oct 15, '02
Real Post Cnt: 7,539
User ID: 727,456
Subject: Is this true?
Apparently some companies need to unify some things. If you have so many different things that are so critical you need highly complex separate passwords for that many different systems, something is wrong with the overall architecture. Obviously most of us are in IT related positions and of higher intelligence than the average PC user.

I don't make the group policy that enforces the length or strength of passwords I use, I just obey the system, and those are the minimum requirements, so save the comments about how you are a smart person but somehow cannot remember passwords, or that you think I need a tinfoil hat because I am paranoid. Companies have IP (intellectual property) they want to protect and much of it involves passwords, which they get to have the say on their requirements.

Any of us who have had to ever work with the general population that uses PCs at work and home know firsthand that they are not even close to being in the same league as the majority here. These are people who have no clue how to share a folder, let alone would ever crack the case on a PC to do anything inside it. These same people use things like anniversaries, birthdays, or kids'/pets' names for passwords. Having so many passwords that a program is needed to manage them is a sign of some overall broken setup or system.

For things outside of work I use a handful of passwords depending on how secure I feel access to said location is. This gives me another 5 outside of work, which I use for everything from message boards to email accounts to online banking. Those which I need more security around I change more often and use a harder/longer password. Things I could give a rat's ass about and are not a huge risk to me have easier passwords. In my past 15 years of working in IT as a profession, I have been hacked exactly zero times. I use proper antivirus/spyware protection on all devices and keep these up to date. I patch when patches are available, and I am careful about where I go on the web and what I download and use. I leverage things like firewalls, proxies, and "private browsing" mode when in areas I suspect might be less than secure and safe.

Mostly it's just about common sense, which I have found over the years is a misnomer - it's not very common at all.    

 

-----signature-----
WoW - Lightbringer server
For the HORDE!!!