Army Rumour Service


3 tips to make you more secure online

endure

GCM
And adding the important bit you missed......


It is pointless arguing, that's one thing you are correct about.

You missed this bit out:

"But wouldn't something like “D0g” be in a dictionary, even with the 'o' being a zero?

Sure, it might be. But that doesn't matter, because the attacker is totally blind to the way your passwords look. The old expression “Close only counts in horseshoes and hand grenades” applies here. The only thing an attacker can know is whether a password guess was an exact match . . . or not. The attacker doesn't know how long the password is, nor anything about what it might look like. So after exhausting all of the standard password cracking lists, databases and dictionaries, the attacker has no option other than to either give up and move on to someone else, or start guessing every possible password."
 
Hackers use rainbow tables. A rainbow table is a pre-generated list of likely passwords and the hash values (salting makes this much harder). There is no limit to what can be in a rainbow table - and it will contain common password obfuscations ("password", "Password", "Pa55word", "Passw0rd" etc. etc.) - the attacker then simply compares the stolen list of hashes against the hashes in the rainbow table, and that gives them the original password.

The longer the password is, the longer it takes to generate the hash, and the more possible variations need to be calculated.

To put it simply, a computer does not care whether you use lower case, upper case, numbers, punctuation - they are all the same. The difference is in how many possible variations there are to exhaustively search the namespace.

Longer password = more variations.
More character options = more variations.

A (long) memorable password is better than a (complicated) one that needs writing down or storing.
 

happyuk

War Hero
I'm sorry old bean but I just need to point out that "Did you take the dog out today?" is not a strong password. It will take a few seconds for a machine to guess that. The first thing anyone does when trying to guess a password is a "dictionary attack": they simply try words and combinations of words from a dictionary. When a machine is doing this it takes a few seconds or maybe a few minutes at the most to run through it all.

This is a strong password "5m*ljS4mC#RKEg@6UfTfO09sHxuVs3Y6Z5BZ9#" and as any normal person will know, there is no hope of remembering it. That is why we use Lastpass. It means you can use a different password like that on every site and you never need to remember it and nobody will be able to guess it.

Not correct. You're still not biting. As pointed out by others - this whole thing of using umpteen special characters etc is becoming hackneyed ill-thought-out farcical bollocks. It will not take seconds for a machine to plough through the password teddyBear gave simply because it is not a simple case of ploughing through combinations of dictionary words in the manner that you describe. If it were then I would agree. What about the question mark at the end? And the white spaces between words, which are perfectly valid as password characters (see myth #8 in the link below)? And that the word lengths will be unknown? I am fairly certain this is adequately secure, but am more than willing to be corrected on this.

Have a look at this: Ten Windows Password Myths | Symantec Connect
 
I use Lastpass and it's brill, but I do worry about having so many passwords in one information silo

If Lastpass gets hacked it's going to be brutal

Yeah, it's something to think about, but the password file is stored on your local machine. I think the only time it is transferred is when you switch to a new machine / device, but it's encrypted strongly and supposed to be shredded after the transfer is complete. I trust it.

My main concern is that somebody will acquire Lastpass, like Google. I investigated this at some length and they address this concern in an open letter somewhere saying that they won't do it, but who knows...
 
Not correct. You're still not biting. As pointed out by others - this whole thing of using umpteen special characters etc is becoming hackneyed ill-thought-out farcical bollocks. It will not take seconds for a machine to plough through the password teddyBear gave simply because it is not a simple case of ploughing through combinations of dictionary words in the manner that you describe. If it were then I would agree. What about the question mark at the end? And the white spaces between words, which are perfectly valid as password characters (see myth #8 in the link below)? And that the word lengths will be unknown? I am fairly certain this is adequately secure, but am more than willing to be corrected on this.

Have a look at this: Ten Windows Password Myths | Symantec Connect

Before you draw any conclusions, try and crack a password with johntheripper. When I have to do it, I pray that people have used passwords like yours because I'll have the password in seconds. Even if you try and obfuscate it with something like pa55w03d, it does not matter, it's easily guessed because I have a dictionary file with it all.

You can't guess a password like this - 8a#%iM0HAx6X%w1WoZr8BxUDYF*TY^MekW6Sr& - you have to brute force it, trying one character at a time, and it takes enormous amounts of processing power and time to do it, which makes it not worth people's time to try.

Of course only the autistic (of which there are many on this site) can remember such a password which is why we use password managers like lastpass.

Somebody is going to, if they have not already, post the Correct Horse Battery Staple comic, and while that is true and amusing, it only works in the context of certain attacks, and using a strong password like I have already pasted covers you in all circumstances. That is old world thinking in which people are trying to retain passwords in their heads, which is not a good idea.

You should never use the same password twice. If you do and somebody guesses or steals your password, they will use it to unlock everything that you have. The only way that you can keep a strong, different password on everything is to use a password manager.

This is not radical thinking and the infosec world agrees with me on this one.
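The two attack models argued over in this thread (the precomputed hash table that salting defeats, and dictionary-with-mangling versus character-by-character brute force) can be made concrete. The following is an added illustration, not code from any poster or from the tools mentioned; the wordlist, the mangling rules and the salt are constructed toy values, and SHA-256 stands in for whatever hash a real site would use.

```python
import hashlib
import math

# Constructed toy wordlist; a real cracking list is vastly larger.
BASE_WORDS = ["password", "dog", "today"]


def mangle(word):
    """Simple substitutions a cracker applies to each base word:
    case changes, o->0 and s->5, as in 'Passw0rd' / 'Pa55word'."""
    variants = {word, word.capitalize(), word.upper()}
    for v in list(variants):
        variants.add(v.replace("o", "0").replace("O", "0"))
        variants.add(v.replace("s", "5").replace("S", "5"))
    return variants


def unsalted_hash(pw):
    return hashlib.sha256(pw.encode()).hexdigest()


def salted_hash(pw, salt):
    # The salt is stored beside the hash and need not be secret; it makes
    # each user's hash unique, so one precomputed table cannot be reused.
    return hashlib.sha256(salt + pw.encode()).hexdigest()


def build_lookup_table(words):
    """Precomputed digest -> password table (a simplified stand-in for
    the rainbow table described above), built once, reused per leak."""
    return {unsalted_hash(v): v for w in words for v in mangle(w)}


def lookup(table, digest):
    """Returns the recovered password, or None if the table is useless."""
    return table.get(digest)


def bits_for_random_string(length, alphabet_size):
    """Search space of a uniformly random string, e.g. 38 chars from the
    94 printable ASCII characters; brute force must cover all of it."""
    return length * math.log2(alphabet_size)


def bits_for_passphrase(num_words, dictionary_size):
    """Search space of a passphrase if the attacker already knows it is
    num_words words drawn from a dictionary of dictionary_size entries."""
    return num_words * math.log2(dictionary_size)
```

For a 7-word phrase from a 20,000-word dictionary this gives roughly 100 bits against a wordlist attack, against roughly 249 bits for the 38-character random string under pure brute force; the lookup-table part shows why salting makes the precomputed "Passw0rd" entry useless even though the password itself is weak.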
 
I imagine you could increase the strength of that password by simply messing up the spelling of one of the words - e.g. did you take the dge today. I can't even imagine how long it would take a random generator to crack that, as it would mean it cannot rely on a dictionary alone. Or swap one of the words with a foreign equivalent - did you take das dog out today.

It adds to the entropy, yes, but we use a tool called Johntheripper which knows all these tricks and will try them all in no time at all.
 
what really boils my piss....

videos automatically playing on newspaper sites

then playing the ******* next one....

bastards
 
Use a modded hosts file with a decent, up-to-date blocking list; for network-wide ad blocking, use a Raspberry Pi with pi-hole installed.

Always use an antivirus program such as Defender - you can use this in a sandboxed mode so it's even more secure.

Don't download dodgy software or open email attachments from people you don't know.

Always check the url of any email you receive to make sure it came from where it says it does.

Always use different passwords on each site - and change them regularly - use phrases such as 'Did you take the dog out today?', as these passwords are long and very difficult to hack.

Don't answer spam calls, and don't give any details to anyone via a phonecall - unless of course you have phoned the company yourself such as a bank and they need to verify who you are.

Open unknown/new programs in a sandbox first, so they can be verified to be what they are - and can't damage your OS.

Probably switch to Linux, such as Ubuntu; this is far more secure than Windows and doesn't contain all the 'spying' software that Windows uses.

You got to be ******* joking. I'll just say this, then leave you to it "Amazon"
 
Your Encryption Will Be Useless Against Hackers with Quantum Computers

Fast forward a few years and without too much thread drift...

IBM makes 20 qubit quantum computing machine available as a cloud service

Home

Check out the D-Wave Industry application page....

Industries | D-Wave Systems

Passwords will be a thing of the past soon.

When passwords become ineffective, any other form of personal security won't be far behind, as they're all just a string of 0's & 1's when it comes down to it.
 
Well no, because they add additional measures, like two-step authentication, time limits on how often you can try a different password, more advanced captchas etc. etc. It's not as bleak as people think.


As for the quantum computers, are they actually a thing yet or are they digital computers emulating quantum computers?
 

sirbhp

LE
Book Reviewer
Thanks to the OP for this thread. I have taken up some of your suggestions after getting two blackmails for porn watching, and an urgent request from a friend to send him a grand to bail him out of the klaart.
 
