Linked by Howard Fosdick on Sat 10th Nov 2012 07:28 UTC
Bugs & Viruses If you want to ensure you have adequate passwords but don't have the time or interest to study the topic, there's a useful basic article on how to devise strong passwords over at the NY Times. It summarizes key points in 9 simple rules of thumb. Also see the follow-up article for useful reader feedback. Stay safe!
Permalink for comment 542147
To read all comments associated with this story, please click here.
RE[14]: make 'm long
by kwan_e on Mon 12th Nov 2012 14:02 UTC in reply to "RE[13]: make 'm long"
kwan_e
Member since:
2007-02-18

The only possible way you could find out the passphrase for the hash used in my method would be if you found out the output password; and if they know that then they already have your password so there's no bloody point trying to find the passphrase used to generate that password as they already have your login details lol.


They don't need to know your password. They just need to know if the hash they generated managed to authenticate themselves to a site as you. ie:

1) Estimate your passphrase
2) Generate the hash
3) Use the hash to try and authenticate

Sure, it's a few extra steps than

1) Estimate your passphrase
2) Use the passphrase to try and authenticate

It's one more level of indirection, but it still begins with a passphrase.

Reply Parent Score: 2