  1. #1

    Safely send sensitive information over the Net




    BEST PRACTICES

    By Lincoln Spector

    All too often, we send and receive sensitive information by unsecured e-mail, leaving us open to data and identity theft.

    Fortunately, there are relatively easy and inexpensive solutions for transferring personal data over the Web to friends, relatives, and business associates.

    The full text of this column is posted at http://windowssecrets.com/best-pract...-over-the-net/ (paid content, opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

  2. #2

    Complex passwords unnecessary?

    Lincoln Spector in an article in today's WindowsSecrets suggests that 5.ytT#0_xn0ATzQVN|_yeGk2+0vFC2]ndZ is a good password. I think it is horrible. Any password much more than 8 characters with a suitable mix from the 96 character set will be totally uncrackable. So why have a password that you cannot type, cannot remember and thus have to copy? Absurd.

    He says that Swordfish is not good. Probably true, though a 9 character mix of upper and lower case would take a brute strength cracker 8800 years with a simple desktop computer attack and 32 days with a supercomputer analysing 1 trillion passwords per second (see http://www.lockdown.co.uk/?pg=combi). If you add 10 numbers to the mix, supercomputer time would increase to 500 days. Swordfish9 would take 100 years to crack.

    If you add common symbols (96 character set), a supercomputer attack on a 10 character password would require around 2500 years. Who is going to use a supercomputer for 2500 years to crack Swordfis9#?

    I think it is way past time for WindowsSecrets to have a sensible look at passwords. I use simple passwords for things (like logging on to WindowsSecrets) that no-one would want to crack and I wouldn't care if they did. More complex passwords for things like my email account that pose a risk if hacked, and strong passwords for access to my encrypted folders and bank accounts (8+ characters from the 96 char set). Or is there something I am missing?
    Last edited by jonrichco; 2012-04-12 at 07:12.

  3. #3
    Thanks for a very interesting article. I just found this site: https://priv.ly/ which addresses the issue of privacy. I, for one, would be interested in your opinion of this method.

  4. #4
    bobprimak
    Originally posted by jonrichco:
    "Any password much more than 8 characters with a suitable mix from the 96 character set will be totally uncrackable."

    Reference, please?

    "He says that Swordfish is not good. Probably true, though a 9 character mix of upper and lower case would take a brute strength cracker 8800 years with a simple desktop computer attack and 32 days with a supercomputer analysing 1 trillion passwords per second (see http://www.lockdown.co.uk/?pg=combi). If you add 10 numbers to the mix, supercomputer time would increase to 500 days. Swordfish9 would take 100 years to crack."

    True only if Swordfish were not a common dictionary word. 20 minutes with a dictionary-based cracking algorithm. Max.

    "Or is there something I am missing?"

    Yes, plenty.
    -- Bob Primak --
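
Added example (not part of the thread or the column): a small estimator for the point argued in posts #2 and #4, comparing the exhaustive-search space of a password with a "dictionary word plus short suffix" model and taking the cheaper of the two. The guess rate, dictionary size, three-word sample list, case variants and suffix limit are assumptions chosen for illustration.

```python
import string

# Assumed parameters (not from the thread): guess rate, dictionary size, and a
# tiny constructed word list standing in for a real one.
GUESSES_PER_SECOND = 10**9
DICTIONARY_SIZE = 1_000_000
SAMPLE_WORDS = {"swordfish", "password", "dragon"}
CASE_VARIANTS = 3  # lower, Capitalized, UPPER
SUFFIX_ALPHABET = len(string.digits) + len(string.punctuation)  # 10 + 32
MAX_SUFFIX = 3  # longest digit/symbol tail the dictionary model covers

def charset_size(password):
    """Size of the smallest common character pool covering the password."""
    pools = [string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation + " "]
    return sum(len(p) for p in pools if any(c in p for c in password))

def brute_force_guesses(password):
    """Exhaustive search space for this length and character pool."""
    return charset_size(password) ** len(password)

def dictionary_guesses(password):
    """Candidate count in a 'word + short suffix' model, or None if no match."""
    stem = password.rstrip(string.digits + string.punctuation)
    word = stem.lower()
    suffix_len = len(password) - len(stem)
    if (word not in SAMPLE_WORDS or suffix_len > MAX_SUFFIX
            or stem not in (word, word.capitalize(), word.upper())):
        return None
    # Every suffix of length 0..suffix_len is covered by the time this one is.
    suffixes = sum(SUFFIX_ALPHABET ** n for n in range(suffix_len + 1))
    return DICTIONARY_SIZE * CASE_VARIANTS * suffixes

def estimate(password):
    """Return (guesses, seconds) for the cheaper of the two models."""
    candidates = [brute_force_guesses(password)]
    d = dictionary_guesses(password)
    if d is not None:
        candidates.append(d)
    guesses = min(candidates)
    return guesses, guesses / GUESSES_PER_SECOND

if __name__ == "__main__":
    for pw in ["Swordfish", "Swordfish9", "Swordfis9#", "qTzWkPmBx"]:
        g, s = estimate(pw)
        print(f"{pw:12} {g:.3e} guesses  {s / 86400:.6f} days")
```
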

  5. #5
    bobprimak
    Originally posted by nateatch:
    "Thanks for a very interesting article. I just found this site: https://priv.ly/ which addresses the issue of privacy. I, for one, would be interested in your opinion of this method."

    I would like to see someone from Windows Secrets explain this to you a bit further, but the link you post offers no protection whatsoever. It would be easily circumvented, as it relies on masking. Masked links were a security threat referred to as Clickjacking when they first appeared as malicious injections into ads or web pages. See the Windows Secrets article HERE for details. Nearly all browsers now have Extensions which are able to resolve masked or shortened links and elements, and users can easily see where the real links lead. This "new" method seems to be just a repackaging of the same methods used in Clickjacking.
    -- Bob Primak --
