Old 08-06-2012, 12:50   #41
ian turner
Or they could just hack the website and get everyone's passwords as in LinkedIn and Last.fm.
The problem with long passwords is that given that you can't read what you're typing in the chances of a typo increase with length and most folks can't remember multiple passwords.
Having email addresses as login ids doesn't help as otherwise the id would potentially add to the length being guessed.
__________________
---------------------------------------------------------------------------------
All important data is backed up. If you didn't back it up it wasn't important
------------------------------------------------------------------------------------

Old 08-06-2012, 18:59   #42
SpaceCoyote
Cool website. According to that, it would take 'about 7 billion years' to crack my most secure password.

Old 30-06-2012, 09:52   #43
target
I didn't even know I was on LinkedIn but I just got spam to an email address that would have been given them if I used them (their domain name at my domain name) so I guess I must have signed up ages ago and never used them. And someone at least has my email address from all of this!

Old 30-06-2012, 12:11   #44
Tempest
Is that password website accurate you think? Seems a bit iffy to me.

It does not seem to take into account normal words and just goes by length of the password

So, something like.

Thisismypassworditsnotverygoodreally

Gets millions of years to crack
Really?

I would have thought any cracker program worth its salt would crack something like that in moments by just scanning for normal words in a dictionary database as one of its primary things to run through as a cracker writer would know to check for a string of normal words and not just go off individual character crunching with their algorithms.

I just went back and checked on that password site.
110 decillion years for that example I made up.
Really?

Last edited by Tempest; 30-06-2012 at 12:14.

Old 30-06-2012, 12:27   #45
target
I can't imagine a dictionary based password cracker would go to the trouble of checking all possible combinations of up to 9 words? That in itself would be a mammoth computing task. And at how many words do you stop such a dictionary hack? Considering your password is just as likely to be a short set of random characters?

I was under the impression most passwords were a single word and if you don't get it from that, you brute force which is, as you are seeing, length of password based.

I think something to consider is when you have millions of accounts, and most of them are easy one word passwords - you just won't bother with the rest. You'll have enough accounts from people that are crap at passwords!

Last edited by target; 30-06-2012 at 12:29.

Old 30-06-2012, 13:09   #46
B0zza
Quote:
Originally Posted by Tempest View Post
Is that password website accurate you think? Seems a bit iffy to me.

It does not seem to take into account normal words and just goes by length of the password

So, something like.

Thisismypassworditsnotverygoodreally

Gets millions of years to crack
Really?

I would have thought any cracker program worth its salt would crack something like that in moments by just scanning for normal words in a dictionary database as one of its primary things to run through as a cracker writer would know to check for a string of normal words and not just go off individual character crunching with their algorithms.

I just went back and checked on that password site.
110 decillion years for that example I made up.
Really?

Moments? Are you mental?

There are c500,000 words in the English language and you've got 9 of them. They'd have to be guessed in the right order. And that's starting from a position of knowing that I was trying to guess a string of 9 consecutive words. You do the maths with your 500,000 factorial.

And if I didn't know that your password was 9 words strung together, and how would I, then the odds get longer and longer.

Multiple passwords strung together is well known as being very difficult to crack. The limitation with this approach, often, is that password fields are shorter than you may require.

Old 30-06-2012, 13:59   #47
Tempest
Quote:
Originally Posted by B0zza View Post
Moments? Are you mental?

There are c500,000 words in the English language and you've got 9 of them. They'd have to be guessed in the right order. And that's starting from a position of knowing that I was trying to guess a string of 9 consecutive words. You do the maths with your 500,000 factorial.

And if I didn't know that your password was 9 words strung together, and how would I, then the odds get longer and longer.

Multiple passwords strung together is well known as being very difficult to crack. The limitation with this approach, often, is that password fields are shorter than you may require.

For my example, I can't see any major problem no.

(Taken from a website)
The entire Oxford English Dictionary contains around 171,000 words. As you might imagine, the average person only uses a tiny fraction of those words, by some estimates somewhere between 10 and 40 thousand.

So, you'd look at my example, and it starts with a "T" so we only need to check for T words

T (no that's not a word keep checking)
Th (no not a word keep checking)
Thi (no not a word keep checking)
This (yes, this is a valid word, but let's check the next letter as it may be the start of a longer word)
Thisi (no there are no words that start with this, so we backtrack to the word "This" and we have the 1st valid word)

Now we start with the " i " (yes this could be a word on its own but let's check)
is (yes a valid word, let's carry on more)
ism (no, no words start with ism, so it has to be "is")

We now have Thisis

So let's carry on....... etc

Of course, this would only work for a scenario where someone wrote a string of normal words joined together, but I can't see it being THAT hard to crack such a "simpleseriesofwordsjoinedtogether"

It would certainly be one of the 1st things to check for when attempting to crack passwords using the "dictionary attack" methods they talk about.

Of course, using !"£$%^& and made up exwamkerly type words would foil such an approach

Old 30-06-2012, 14:13   #48
Guest 9359
How does the hacker know your password starts with T? Isn't there 171k x 171k x 171k and so on permutations to work through? I haven't done the Maths, but that must be a big number with 9 words?

Old 30-06-2012, 14:20   #49
Guest 65726
But that's not how authentication works, if it did no password would be safe and be cracked in moments, you're thinking about it like a safe cracker where you work out each combination in series as you get a confirmation that each stage is correct.

In layman's terms authentication is more a Yes/No answer there is no "yes you got the 1st character right but you need another 13 to pass". There are some exceptions to this rule (like WEP Wireless protocol) but most password cracking is done via social engineering or brute force dictionary attack.
Guest 65726 is offline   Reply With Quote
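
Added example, not part of any post in this thread: a strength estimate that, unlike the length-only figure questioned above, splits a password into dictionary words and counts guesses in words rather than characters. The small word list and the 52-letter alphabet are constructed assumptions, the 171,000-word dictionary size is the figure quoted in the thread, and the dynamic-programming split generalizes the left-to-right word check described earlier so that it also handles cases needing backtracking.

```python
import math

# Constructed mini word list; a real estimator would load a full dictionary.
WORDS = {"this", "is", "my", "password", "its", "it", "not", "very",
         "good", "really", "pass", "word", "i", "a", "no", "go", "real"}
DICT_SIZE = 171_000   # dictionary size quoted in the thread
CHARSET = 52          # assumption: length-only model over upper + lower case letters


def segment(password, words=WORDS):
    """Split password into the fewest dictionary words, or None if impossible.

    best[i] holds the shortest word list that exactly covers password[:i].
    """
    s = password.lower()
    best = [None] * (len(s) + 1)
    best[0] = []
    for end in range(1, len(s) + 1):
        for start in range(end):
            if best[start] is not None and s[start:end] in words:
                cand = best[start] + [s[start:end]]
                if best[end] is None or len(cand) < len(best[end]):
                    best[end] = cand
    return best[len(s)]


def guess_bits(password, dict_size=DICT_SIZE):
    """Return (length_only_bits, word_aware_bits), each log2 of a guess space."""
    length_bits = len(password) * math.log2(CHARSET)
    parts = segment(password)
    if parts is None:
        return length_bits, length_bits   # no word structure found
    # Trying every phrase of 1..n words costs sum(D**k), which is dominated
    # by D**n, so n * log2(D) is a close estimate of the word-based space.
    word_bits = len(parts) * math.log2(dict_size)
    return length_bits, min(length_bits, word_bits)


if __name__ == "__main__":
    pw = "Thisismypassworditsnotverygoodreally"
    print(segment(pw))
    print("length-only: %.1f bits, word-aware: %.1f bits" % guess_bits(pw))
```

For the 36-character example it reports roughly 205 bits under the length-only model and roughly 156 bits as nine dictionary words, so the word-aware figure is far smaller yet still out of reach of exhaustive guessing.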
Old 30-06-2012, 14:27   #50
Tempest
Hmmm, yes.

Thinking about it again, and what you say, yes, you indeed would not know that you had got a valid part of "the key"

I was thinking about this in the wrong way.

Old 30-06-2012, 14:28   #51
scoobyood
edit:

Ignore, slow post.

Last edited by scoobyood; 30-06-2012 at 14:29.

Old 30-06-2012, 14:30   #52
target
I think you've been watching too many films where random letters scroll across the screen and popup green once you have them correct in that position.

Old 01-07-2012, 12:26   #53
Wooglie
I base most of my IT knowledge on the 1995 film Hackers

Old 24-11-2013, 10:29   #54
driver8
Was My Adobe Account Hacked ? YES !

Further to this discussion in the Photo forum.

Lastpass : email account checker

Top 100 most common Adobe user passwords (text file, opens in browser)

My email address was in the database, although I have no recollection of ever signing up with them - and my password was being used by nearly 100 other people ! (It was an old one I've never used for years, so I must have signed up a long time ago for some reason or other).

Old 27-05-2014, 16:09   #55
driver8
Interesting read about creating a "password pattern" - Hans Anderson - Remember secure passwords: Create a Password Pattern

And an old (but no less relevant/interesting) analysis of the kinds of passwords that people choose - troyhunt.com - The science of password selection

Old 28-05-2014, 06:31   #56
jockosjungle
I thought about doing something a bit similar using a keyword and the letters of the company I was using. It's probably actually a good idea to start changing them.

What concerns me most is that there must be databases out there that are not being used, I'm sure CD-WOW still has my details, and StarDVD.

Old 28-05-2014, 08:28   #57
peg20
I just use the auto-generated passwords from keepass. Very secure passwords and I don't need to remember them!

Old 12-07-2014, 11:27   #58
driver8
So which password manager is everyone using these days, and are you happy with it ?
Which is the least hassle and easiest to use across all devices ?
Anyone tried more than one, to compare ? (Is there a good review roundup anywhere ?)

I don't need any bells & whistles, and use Chrome on Windows and Android smartphone, without any dedicated banking apps (for now).
Will I need to pay monthly/annually for the best solution (which I'd rather not have to do) or is there a 1-off payment (or completely free ?) method that is just as good as the big boys ?
How do the apps handle things like 1st/3rd/7th characters from your memorable word ?
As for allowing your app to generate & manage all your passwords so even you don't know what they are - still seems weird to me - anyone come unstuck with this, say at a cybercafé or friend's house ?

Looks like it's between LastPass and KeePass (dated website !?), but then 1password, eWallet (and Peguta for free) might be worth a look too. And then a bit more reading brings up SplashID and RoboForm as worthwhile too.

There's obviously a considerable investment in time & effort to get these things up & running - so what is the current forum fave ?

Old 12-07-2014, 17:05   #59
fredfox_uk
I've used eWallet for years, the PC sync isn't very good but the android side is quite good. Lots of fields etc.

Old 12-07-2014, 19:13   #60
richie-t
I use LastPass, no problems so far!
Tags
hacking, passwords, Phishing, threat
