Those password strength meters are actually useless

Filling in random letters doesn't help me remember my millions of passwords. Instead... I make sentences. I find them easier to remember.
I'm someone who forgets very easily, so making sentences is a preferable choice.
 

When sites allow it, this is the best practice. Easy to remember and difficult to force-attack.
Well done, @Hagan.

Problem is that some sites still force you to follow the "1 special character, 1 numeric, 1 uppercase" rule. And in my opinion these rules actually give a blueprint for hackers on the password structure.
 

I add in these CAPS, NUM3R4L5 & $pec*als, to form the sentence, if that is what the requirement is.
:)
 
The more complicated a password is, the more likely it is to be compromised, as you won't be able to remember it and therefore have to write it down.


 

And unless you work for the CIA, NSA or some other sort of secret illuminati group, no one is going to break into your house and steal the gibberish you've written down on a notepad shoved in a drawer somewhere :p

Writing it down is actually not as "vulnerable" as people think. I'd say it's more secure than using LastPass, seeing as LastPass is a target...my house isn't :D
 

Exactly, I cringe every time someone recommends LastPass. It's only a matter of time until it gets broken into and everyone's passwords go public. Don't trust others with your security.

Also, put your written passwords in a sealed envelope, so you know if it's been tampered with. Keep two copies in separate secure locations, so if one gets stolen, you can still get in to change all of them.
 
The problem is two-fold. While a password like 1ChickenPie500Coke&Chips=H@ppiN355 is in theory a good password, it becomes useless if (1) you use it in more than one location (2) a location saves it using reversible encryption or uses a weak cipher.

Plenty of recent "hacks" have been due to passwords being hashed using MD5 (which is cool, but you can decrypt MD5 hashes in about 2 seconds these days); the other culprit is SHA-1, which is very breakable.
 
I think I may have changed all passwords from LastPass. So even if it's leaked, I ought to be safe.
What's more? I cannot remember my master password and as such cannot even log in anymore.
 
This is an Ars article from 2013. It shows how using random word combo passwords like "bananastaplehorse" (even with symbols and numbers thrown in) can be cracked without too much effort.

http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/3/

Ja, this is where the xkcd example I posted falls over a bit. The comic assumes that a brute force attack will guess each letter, which leads to the high entropy bit count, where in reality dictionary attacks will mean that each word (or major syllable) would be a bit of entropy. It's still my preferred starting point, since it's all relative anyway, as @PsychoFish was alluding to.

Well, Gfycat essentially uses this system to generate unique URLs and it seems to be working brilliantly for them.

Not quite the same. Gfycat has a very specific URL generation format that goes <adjective><adjective><animal>. The reason comes down to easier reproduction for humans, rather than the added benefit of easier memorization.
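
The per-letter versus per-word entropy point raised earlier in the thread, as an added example that is not part of any post: a naive character-class meter compared with a dictionary-aware estimate for the same passphrase. The word list, the 2048-word dictionary size (11 bits per word, the xkcd comic's figure) and the 95-character cost for leftover characters are assumptions made for illustration.

```python
import math

# Constructed sample dictionary (assumption); a real word list would be far larger.
WORDS = {"banana", "staple", "horse", "correct", "battery"}
DICT_SIZE = 2048   # assumed size of the list the words are picked from (11 bits/word)
PRINTABLE = 95     # printable ASCII characters, charged for each non-word leftover


def char_bits(password):
    """Naive meter: length times log2 of the character classes that appear."""
    if not password:
        return 0.0
    size = 0
    size += 26 if any(c.islower() for c in password) else 0
    size += 26 if any(c.isupper() for c in password) else 0
    size += 10 if any(c.isdigit() for c in password) else 0
    size += 33 if any(not c.isalnum() for c in password) else 0
    return len(password) * math.log2(size)


def segment(password, words=WORDS):
    """Fewest-token split: dictionary words where possible, else single characters."""
    s = password.lower()               # case is ignored, a deliberate simplification
    longest = max(len(w) for w in words)
    best = [[]] + [None] * len(s)      # best[i] = fewest-token split of s[:i]
    for i in range(1, len(s) + 1):
        for j in range(max(0, i - longest), i):
            piece = s[j:i]
            if piece in words or i - j == 1:
                cand = best[j] + [piece]
                if best[i] is None or len(cand) < len(best[i]):
                    best[i] = cand
    return best[len(s)]


def word_bits(password, words=WORDS, dict_size=DICT_SIZE):
    """Dictionary-aware estimate: a word costs log2(dict_size), a leftover char log2(95)."""
    return sum(math.log2(dict_size) if tok in words else math.log2(PRINTABLE)
               for tok in segment(password, words))


if __name__ == "__main__":
    for pw in ("bananastaplehorse", "correcthorsebatterystaple", "bananastaplehorse7!"):
        print(f"{pw}: naive {char_bits(pw):.1f} bits, word-level {word_bits(pw):.1f} bits")
```

The word-level figure only holds when the words are chosen at random from the list; it is a model for comparing the two ways of counting, not a measurement of any particular password.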
 