  1. #1
    wavy

    password conundrums

    password conundrums indeed
    I just made the wrong call on the latest snowstorm (Janus?) and banged in from work (too old for that kinda stuff).
    So I was just reading a story at http://www.propublica.org/article/privacy-tools-how-to-build-better-passwords?utm_source=et&utm_medium=email&utm_campaign=dailynewsletter that has me a bit confused.
    The author recommends a system for choosing passwords called Diceware (http://world.std.com/~reinhold/diceware.html) that seems rather, well, dicey. It recommends rolling five dice 4 or 5 times, notating the results and picking words from a list w/ 7700 words matching the results. "correcthorsebatterystaple" would be a recommended password and stronger than one generated by the usual password utilities (which I do not use). A site linked to:
    https://dl.dropboxusercontent.com/u/...est/index.html says it would take 65 years to crack.

    This same site says "four financial institutions" would take 91 years. This password I got from an article linked to in a thread (http://windowssecrets.com/forums/sho...ords-yet-again) started by Ruirib. I am finding this hard to believe, especially given recent news on the feasibility of new techniques of dictionary attacks (sorry, no link). Ahh, found it: http://arstechnica.com/security/2013...rd-cracking/3/

    Maybe I lack imagination but I find it really hard to believe that correcthorsebatterystaple is any kind of secure password. What am I missing here??
    David

    Just because you don't know where you are going doesn't mean any road will get you there.

  2. #2
    RetiredGeek
    Wavy,

    I guess it depends on who you believe!

    Microsoft: [attached image: pwc-microsoft.JPG]

    Gibson Research: [attached image: pwc-grc.JPG]

    Intel: [attached image: pwc-intel.JPG]

    Of course YMMV! HTH
    May the Forces of good computing be with you!

    RG


  3. #3
    wavy
    Most of the test sites do seem to like that kind of password. I may be changing some of my passwords...
    David


  4. #4
    Originally posted by wavy:
    Maybe I lack imagination but I find it really hard to believe that correcthorsebatterystaple is any kind of secure password. What am I missing here??
    The "new techniques of dictionary attacks" article was about using phrases containing words which appear together somewhere online.

    The correcthorsebatterystaple example is about using random words which don't normally appear together anywhere.

    (Although that particular example now appears in thousands of places!)

    Bruce
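
Added example (not part of any post in this thread): a Python sketch of the dice-to-word procedure described in post #1 and of the point in post #4 that the strength comes from picking the words at random, generalized to any word count. Five dice address 6^5 = 7776 list entries; the placeholder word list, the guess rate of 10^9 per second and all function names are assumptions made for illustration.

```python
import math
import secrets

DICE_PER_WORD = 5
LIST_SIZE = 6 ** DICE_PER_WORD  # five dice can address 7776 list entries

def roll_dice(n=DICE_PER_WORD):
    """Simulate n fair dice with the OS CSPRNG (physical dice work too)."""
    return [secrets.randbelow(6) + 1 for _ in range(n)]

def rolls_to_index(rolls):
    """Read five rolls as a base-6 number: 11111 -> 0, 66666 -> 7775."""
    if len(rolls) != DICE_PER_WORD or any(r not in range(1, 7) for r in rolls):
        raise ValueError("expected five rolls, each in 1..6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)
    return index

def make_passphrase(wordlist, n_words, roller=roll_dice):
    """Pick n_words entries, each from an independent set of five rolls."""
    if len(wordlist) != LIST_SIZE:
        raise ValueError("word list must have exactly 6**5 entries")
    return [wordlist[rolls_to_index(roller())] for _ in range(n_words)]

def entropy_bits(n_words):
    """Entropy when the attacker knows the list and the method."""
    return n_words * math.log2(LIST_SIZE)

def average_crack_years(n_words, guesses_per_second):
    """Expected search time: half the keyspace at the given guess rate."""
    keyspace = LIST_SIZE ** n_words
    return keyspace / 2 / guesses_per_second / (365.25 * 24 * 3600)

# Constructed placeholder list; substitute a real 7776-word list.
DEMO_WORDLIST = [f"word{i:04d}" for i in range(LIST_SIZE)]
ASSUMED_RATE = 1e9  # assumed guesses per second, not a figure from the thread

if __name__ == "__main__":
    print(" ".join(make_passphrase(DEMO_WORDLIST, 5)))
    for n in (4, 5, 6):
        print(f"{n} words: {entropy_bits(n):.1f} bits, "
              f"{average_crack_years(n, ASSUMED_RATE):.3g} years on average")
```

These figures hold only when every word comes from its own independent random roll; a phrase a person picks, or one copied from existing text, carries no such guarantee.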

  5. #5
    Adding capitalisation, numbers and punctuation bounces the result out nicely and it's no harder to remember (I changed the last word to keep the length the same).
    c0rrecthorse.batterystraP
    Massive Cracking Array Scenario = 89.14 trillion trillion centuries

    cheers, Paul

  6. #6
    access-mdb
    Trouble is that some sites won't accept passwords with full stops and similar, and other sites limit the password length (but don't always tell you!). I have one site which uses a PIN - four numbers!

  7. #7
    Any site that limits your password choices to less than 16 characters and only numbers and letters should be taken out and shot.

    cheers, Paul
