Linked by Howard Fosdick on Sat 10th Nov 2012 07:28 UTC
Bugs & Viruses
If you want to ensure you have adequate passwords but don't have the time or interest to study the topic, there's a useful basic article on how to devise strong passwords over at the NY Times. It summarizes key points in 9 simple rules of thumb. Also see the follow-up article for useful reader feedback. Stay safe!
Thread beginning with comment 542133
RE[10]: make 'm long
by kwan_e on Mon 12th Nov 2012 12:13 UTC in reply to "RE[9]: make 'm long"
kwan_e Member since:
2007-02-18

As I've stated before, attackers will use routines such as dictionary attacks to gain access to as many accounts as they can with as little effort as they can. Then worry about using a "blunter" brute force routine to catch the remainder should they need to.


Since that's the strategy, it doesn't really make passphrases any less secure since they're just going to attack a whole lot of accounts and get as much as they can. There will always be people with weak passphrases.

There's nothing stopping crackers from targeting password hash generators either.

Reply Parent Score: 2

RE[11]: make 'm long
by Laurence on Mon 12th Nov 2012 12:28 in reply to "RE[10]: make 'm long"
Laurence Member since:
2007-03-26


Since that's the strategy, it doesn't really make passphrases any less secure since they're just going to attack a whole lot of accounts and get as much as they can. There will always be people with weak passphrases.

But nearly all passphrases are weak and that's why they're less secure. I've stated this several times now. In fact, did you even read the fucking link I provided?

The whole passphrase point is taken directly from professional security experts who specialise in cracking passwords and thus hardening systems against such attacks. But as usual, you know better.

I swear to God, sometimes chatting on here is like pulling teeth <_<


There's nothing stopping crackers from targeting password hash generators either.

You can't target hash generators for my method. The hash generator is only used as a method to create a random password. You could just as easily mash the keyboard for all the difference it makes. Except with my method you don't need to store the password anywhere.

You haven't the slightest idea what you're talking about, so I beg you, please, for the love of God, read the link I provided. Do yourself a favour and educate yourself on this subject because at the moment it's pretty clear that your understanding is outdated at best.

Reply Parent Score: 2

RE[12]: make 'm long
by kwan_e on Mon 12th Nov 2012 13:26 in reply to "RE[11]: make 'm long"
kwan_e Member since:
2007-02-18

"There's nothing stopping crackers from targeting password hash generators either.

You can't target hash generators for my method. The hash generator is only used as a method to create a random password. You could just as easily mash the keyboard for all the difference it makes. Except with my method you don't need to store the password anywhere.
"

Why can't you target hash generators? After all, to generate your hash, you're basically using a passphrase and the website for the salt.

If passphrase cracking is as easy as you say it is, then it's just as easy for a cracker to figure out the passphrase you use to generate the hash.

Edited 2012-11-12 13:27 UTC

Reply Parent Score: 2
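
The disagreement above, over whether a generator that hashes a passphrase with the website as salt can be targeted, can be checked with a self-audit. This is an added example, not code from the thread or from either poster: the exact scheme is not shown on this page, so the SHA-256 "site:passphrase" layout, the PBKDF2 variant, the function names and the sample phrases are all assumptions.

```python
import base64
import hashlib
import time

def site_password(passphrase, site, length=16):
    # Assumed scheme: one SHA-256 over "site:passphrase", base64, truncated.
    digest = hashlib.sha256(f"{site}:{passphrase}".encode()).digest()
    return base64.b64encode(digest).decode()[:length]

def site_password_slow(passphrase, site, length=16, iterations=200_000):
    # Same idea, but PBKDF2 makes every single derivation deliberately costly.
    digest = hashlib.pbkdf2_hmac("sha256", passphrase.encode(),
                                 site.encode(), iterations)
    return base64.b64encode(digest).decode()[:length]

def audit_passphrase(derive, known_password, site, wordlist):
    # Self-audit: does any listed phrase regenerate the password you use?
    # Nothing is stored, yet each guess can be verified offline.
    for guess in wordlist:
        if derive(guess, site) == known_password:
            return guess
    return None

def derive_cost(derive, runs=3):
    # Wall-clock seconds for `runs` derivations, i.e. the price of `runs` guesses.
    start = time.perf_counter()
    for i in range(runs):
        derive(f"guess-{i}", "example.test")
    return time.perf_counter() - start

# Constructed sample data, not taken from the thread.
WORDLIST = ["correct horse battery staple", "letmein please", "i love my dog"]
WEAK = "i love my dog"
STRONG = "q7#Vd2!mZx9@Lr4$Tn8w"

if __name__ == "__main__":
    site = "example.test"
    weak_pw = site_password(WEAK, site)
    strong_pw = site_password(STRONG, site)
    print("generated:", weak_pw)
    print("weak found:", audit_passphrase(site_password, weak_pw, site, WORDLIST))
    print("strong found:", audit_passphrase(site_password, strong_pw, site, WORDLIST))
    print("fast:", derive_cost(site_password),
          "slow:", derive_cost(site_password_slow))
```

The generated string looks random, but its strength is bounded by the passphrase that produced it; a slow derivation raises the cost of each guess without changing that bound.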