OSNews is Exploring the Future of Computing

Linked by Howard Fosdick on Sat 10th Nov 2012 07:28 UTC

If you want to ensure you have adequate passwords but don't have the time or interest to study the topic, there's a useful basic article on how to devise strong passwords over at the NY Times. It summarizes key points in 9 simple rules of thumb. Also see the follow-up article for useful reader feedback. Stay safe!

1 72 Comment(s)

http://osne.ws/khc

Permalink for comment 542152
To read all comments associated with this story, please click here.

RE[16]: make 'm long

by kwan_e on Mon 12th Nov 2012 15:13 UTC in reply to "RE[15]: make 'm long"

Member since:
2007-02-18

* how you decide your salt (ie is it the full website address inc protocol handler, the URI or just the website name?

If they can analyze raw passphrases for behavioural patterns in chosen words, they can surely do the same for the salt. As you say before, they don't have to break everyone's - just the easy ones.

* how the salt is encoded into the passphrase (eg is the salt and passphrase concatenated, and if so in which order? or is the passphrase hashed then the hash salted? etc)

They can just use the service to generate the hash, so they don't even need to figure it out. They'll probably be able to automate the whole process and just target the, say, top 20 most used generators.

So no, in all practicality you cannot reverse engineer in the method you describe and using "raw" passphrases like you keep advocating is still quite a bit less secure in comparison.

They wouldn't need to reverse engineer. They could figure out the most popular generators and get those generators do the work of generating. All they will have to do is to get all the output variants and try it. They could even just use the web service you linked to, feed in its guesses, then scrape the returned webpage for the generated hashes.

Seriously mate, I urge you to read up on this stuff as there's clearly some large gaps in your understanding here; which would be fine if you were asking questions, but instead you're trying to argue facts based on these gaps of knowledge and -with the greatest of respect- it's getting quite frustrating having to debunk all these misconceptions which you'd easily be able to debunk yourself if bothered to do a little independent research

I'm not even trying to argue anything.

Reply Parent Score: 2

Features

OS X 10.9 Mavericks

Linked by Thom Holwerda on 06/13/13 14:35 UTC

The third and final WWDC product I want to talk about is - of course - OS X 10.9 Mavericks. While iOS 7 was clearly the focus of this year's WWDC, its venerable desktop counterpart certainly wasn't left behind. Apple announced OS X 10.9 Mavericks, the first OS X release not to carry the name of a big cat.

2 Read More · 74 Comment(s)

The new Mac Pro: welcome back, Apple

Linked by Thom Holwerda on 06/11/13 17:07 UTC

We already talked about iOS 7 yesterday (after a night of sleep, it's only looking worse and worse - look at this, for Fiona's sake!), so now it's time to talk about the downright stunning and belly flutters-inducing new Mac Pro. As former owner and huge, huge, huge fan of the PowerMac G4 Cube - I haven't been this excited about an Apple product since, well, I would say the iMac G4. This is the Apple I used to love.

3 Read More · 160 Comment(s)

Apple unveils iOS 7

Linked by Thom Holwerda on 06/10/13 23:13 UTC

Apple held its big keynote event thing at WWDC earlier this evening, but since I was away with friends I've had to read up on it later in the evening. The company announced iOS 7, OS X 10.9 Mavericks, and they gave a preview of the new Mac Pro. Especially the Mac Pro impressed me, and while iOS 7's new Holo/Metro-inspired theme looks messy and garish to me, I do commend Apple for finally breaking the mold. This news item will focus on iOS 7 - I'll dive into the Mac Pro and OS X 10.9 tomorrow (it's late here now).

4 Read More · 30 Comment(s)

Silicon Valley responds to PRISM with coordinated PR campaign

Linked by Thom Holwerda on 06/08/13 14:57 UTC

And yes, the PRISM scandal is far, far from over. More and more information keeps leaking out, and the more gets out, the worse it gets. The companies involved have sent out official statements - often by mouth of their CEOs - and what's interesting is that not only are these official statements eerily similar to each other, using the same terms clearly designed by lawyers, they also directly contradict new reports from The New York Times. So, who is lying?

9 Read More · 70 Comment(s)

US collects data on virtually everyone, leaked docs reveal

Linked by Thom Holwerda on 06/07/13 11:40 UTC

This story is getting bigger and bigger. Even though most Americans probably already knew, it is now official: the United States government, through its National Security Agency, is collecting the communications and data of all American citizens, and of non-Americans using American services, through a wide collaboration with the large companies in technology, like Apple, Google, Microsoft, Facebook, and so on. Interestingly enough, the NSA itself, as well as the US government, have repeatedly and firmly denied this massive spying on Americans and non-Americans took place at all.

11 Read More · 124 Comment(s)

Obama to announce measures against patent trolls

Linked by Thom Holwerda on 06/04/13 12:45 UTC

Ah, patents - the never-ending scourge of the technology industry. Whether wielded by companies who don't actually make any products, or large corporations who abuse them because they can't compete in the market place or because they're simply jerks, they do the industry a huge disservice and are simply plain dangerous. According to The Wall Street Journal (circumvention link), president Obama is about to take several executive actions to address patent trolls - which may seem like a good idea, but I am very worried that all this will do is strengthen the positions of notorious patent system abusers such as Apple and Microsoft.

7 Read More · 65 Comment(s)

Genode 13.05 automates testing and benchmarking

Linked by nfeske on 05/31/13 10:12 UTC

With version 13.05, the developers of the Genode OS Framework take measures to ensure that Genode continues to scale well with a growing number of users and the steadily broadening platform coverage. Further highlights are the improved SoC support for Exynos 5, OMAP4, Raspberry Pi, i.MX, and new components for realizing headless systems.

3 Read More · 5 Comment(s)

iOS to open up more APIs, Apple interested in Android applications

Linked by Thom Holwerda on 05/29/13 16:59 UTC

At the D11 conference, Apple CEO Tim Cook once again took the stage to be interviewed by Walt Mossberg and Kara Swisher. While most of the interview can be replicated by picking and reading 10 random Apple fanblog stories - there were still a number of very interesting things that warrant some closer scrutiny.

1 Read More · 71 Comment(s)

Policy shows concerted effort by MS to destroy used games market

Linked by Thom Holwerda on 05/24/13 17:26 UTC

So, the Xbox One disaster continues. Microsoft's policy for dealing with the used games market has reportedly leaked - and it's a clear and direct attack to destroy the used games market. Prices for used games will be set at the retail value of a new game, and retailers have to hook into Microsoft's computer systems and comply with Microsoft's terms and conditions.

7 Read More · 130 Comment(s)

Xbox One forces gamers to pay for games borrowed from friends

Linked by Thom Holwerda on 05/21/13 21:38 UTC

At an event earlier today, Microsoft unveiled the next Xbox - the third model, but confusingly named Xbox One. The big focus was TV, integrated Kinect, and all the other stuff we all expected to be forced down our throats. I think it took them 25 minutes to actually come to what should be the core of the story: gaming. Nothing groundbreaking in the gaming department, except for how Microsoft intends to handle the used games market and borrowing games from friends: pay up, buddy!

9 Read More · 133 Comment(s)

OSNews

More Features »