Announcement

**Sparko** · 02-27-2014, 01:58 PM

Originally posted by Outis View Post

MKUltra.

or Mercola.

**Outis** · 02-27-2014, 02:33 PM

Originally posted by Sparko View Post

or Mercola.

Ha! They have the same phonemes. IT'S ALL A PLOT!

**RBerman** · 02-27-2014, 02:58 PM

Originally posted by Irate Canadian View Post

Here are some tips:

I wonder... are there really "44 bits of entropy" in such a password? If passwords like this are common, then surely hackers will try word combinations from the dictionary first, lowering the number of combinations to X^4, where X is the number of words in the dictionary. That's much less than 2^44.

**Sparko** · 02-27-2014, 03:15 PM

Here is how I set my password. First I take my first name, spell it backwards, convert it to binary and divide by 20 and convert it back to ascii text. Then I add the first and last 2 digits of my social security number, subtract my last 2 digits of my phone number, convert all "a"s into "@" then append my favorite fruit's name and finally, I add in my birth year...

then when I have all that, I set my password to "bacon"

**Catholicity** · 02-27-2014, 03:27 PM

considering that none of mine are tied to bank credit card or bill activity.....good luck with that.

**Irate Canadian** · 02-27-2014, 04:17 PM

Originally posted by RBerman View Post

I wonder... are there really "44 bits of entropy" in such a password? If passwords like this are common, then surely hackers will try word combinations from the dictionary first, lowering the number of combinations to X^4, where X is the number of words in the dictionary. That's much less than 2^44.

When I inputted Randal's password,this is the specifications it gave me:
Length: 19 characters
Character Combinations: 26
Calculations Per Second: 4 billion
Possible Combinations: 766 septillion

**Raphael** · 02-27-2014, 04:20 PM

Originally posted by Irate Canadian View Post

Here are some tips:

The only problem with that one has always been the people who thought: that's a good idea, and then set their password to "correct horse battery staple"

**Outis** · 02-27-2014, 04:20 PM

Originally posted by Irate Canadian View Post

When I inputted Randal's password,this is the specifications it gave me:
Length: 19 characters
Character Combinations: 26
Calculations Per Second: 4 billion
Possible Combinations: 766 septillion

However, the tool you're using is measuring letter combinations. RBerman is correct as far as word combinations: a brute-force dictionary attack would be problematically easy, because of the relative ease of dictionary attacks.

And as Randall notes in the alt text, if the attacker can get the hash table, it's even easier.

**Sparko** · 02-28-2014, 07:07 AM

Originally posted by Outis View Post

However, the tool you're using is measuring letter combinations. RBerman is correct as far as word combinations: a brute-force dictionary attack would be problematically easy, because of the relative ease of dictionary attacks.

And as Randall notes in the alt text, if the attacker can get the hash table, it's even easier.

I think a much better password would be to think of an easy to remember sentence or phrase, then take the first letter of each word for the password, and stick a couple of numbers at the beginning or end. Then to anyone else it is just a random alphanumeric password, but easy for you to remember.

**Eric Schmidt** · 02-28-2014, 07:24 PM

Originally posted by RBerman View Post

I wonder... are there really "44 bits of entropy" in such a password? If passwords like this are common, then surely hackers will try word combinations from the dictionary first, lowering the number of combinations to X^4, where X is the number of words in the dictionary. That's much less than 2^44.

On the contrary, most dictionaries have far more than 2^11 = 2048 words.

**rogue06** · 03-01-2014, 01:38 AM

Originally posted by Cow Poke View Post

my password is *********

I'm not changing it.

Like the old joke about the little kid running up to his older siblings and saying "I know what Daddy's password is. It's asterisk, asterisk, asterisk, asterisk, asterisk."

**rogue06** · 03-01-2014, 01:39 AM

Originally posted by Sparko View Post

let me guess. all of your passwords are now "Grassy Knoll" right?

Or "anti-vac"

**Irate Canadian** · 03-01-2014, 10:09 AM

Originally posted by Outis View Post

And as Randall notes in the alt text, if the attacker can get the hash table, it's even easier.

That's true as far as hash tables created with MD5 hashing. If the group that lost the hash table used something like the BCrypt algorithm, it would take a long,long time to crack the hashes. The problem is most sites use MD5 to store passwords and that allows hackers to easily crack passwords as soon as they get the hash table.

**Outis** · 03-01-2014, 10:14 AM

Originally posted by Irate Canadian View Post

That's true as far as hash tables created with MD5 hashing. If the group that lost the hash table used something like the BCrypt algorithm, it would take a long,long time to crack the hashes. The problem is most sites use MD5 to store passwords and that allows hackers to easily crack passwords as soon as they get the hash table.

True, but how many pre-packaged websites use BCrypt? Even VB uses MD5, if I remember correctly, and folks like me simply don't have the coding know-how to substitute a better cypher suite.

**Irate Canadian** · 03-01-2014, 10:41 AM

Originally posted by Outis View Post

True, but how many pre-packaged websites use BCrypt? Even VB uses MD5, if I remember correctly, and folks like me simply don't have the coding know-how to substitute a better cypher suite.

There are so many libraries out there using BCrypt. The problem is people aren't willing to hash passwords properly.

Announcement

Newsdesk Guidelines

Change your passwords now! Reason ...

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Related Threads