  1. #1
    3 Star Lounger wavy's Avatar

    password conundrums

    password conundrums indeed
    I just made the wrong call on the latest snowstorm (Janus?) and banged in from work (too old for that kinda stuff).
    So I was just reading a story at http://www.propublica.org/article/privacy-tools-how-to-build-better-passwords?utm_source=et&utm_medium=email&utm_campaign=dailynewsletter that has me a bit confused.
    The author recommends a system for choosing passwords called Diceware (http://world.std.com/~reinhold/diceware.html) that seems rather, well, dicey. It recommends rolling five dice 4 or 5 times, notating the results and picking words from a list w/ 7700 words matching the results. "correcthorsebatterystaple" would be a recommended password and stronger than one generated by the usual password utilities (which I do not use). A site linked to:
    https://dl.dropboxusercontent.com/u/...est/index.html says it would take 65 years to crack.

    This same site says "four financial institutions" would take 91 years. This password I got from an article linked to in a thread (http://windowssecrets.com/forums/sho...ords-yet-again) started by Ruirib. I am finding this hard to believe, especially given recent news on the feasibility of new techniques of dictionary attacks (sorry, no link). Ahh, found it: http://arstechnica.com/security/2013...rd-cracking/3/

    Maybe I lack imagination but I find it really hard to believe that correcthorsebatterystaple is any kind of secure password. What am I missing here??

    Just because you don't know where you are going doesn't mean any road will get you there.

  2. #2
    Super Moderator RetiredGeek's Avatar
    Wavy,

    I guess it depends on who you believe!

    Microsoft:
    pwc-microsoft.JPG

    Gibson Research:
    pwc-grc.JPG

    Intel:
    pwc-intel.JPG

    Of course YMMV! HTH
    May the Forces of good computing be with you!

    RG

    VBA Rules!


  3. #3
    3 Star Lounger wavy's Avatar
    Most of the test sites do seem to like that kind of password. I may be changing some of my passwords ......

    Just because you don't know where you are going doesn't mean any road will get you there.

  4. #4
    Super Moderator
    Originally posted by wavy:
    Maybe I lack imagination but I find it really hard to believe that correcthorsebatterystaple is any kind of secure password. What am I missing here??
    The "new techniques of dictionary attacks" article was about using phrases containing words which appear together somewhere online.

    The correcthorsebatterystaple example is about using random words which don't normally appear together anywhere.

    (Although that particular example now appears in thousands of places!)

    Bruce
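
Added example, not part of any post in this thread: a sketch of why strength checkers that count characters and an attacker who knows the word list disagree about a passphrase like the one discussed above. The function names and the tiny `SAMPLE_WORDS` list are constructed for illustration; a five-dice list has 6^5 = 7776 entries, and the guess rate is left as a parameter because it is an assumption.

```python
import math
import secrets

DICE_PER_WORD = 5
LIST_SIZE = 6 ** DICE_PER_WORD  # 7776 possible outcomes of five dice

# Constructed stand-in for the word list; a real list has LIST_SIZE entries.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "cor", "rect", "bat", "stap"]

def roll_passphrase(words, count):
    """Pick `count` words uniformly at random with a CSPRNG (stands in for the dice)."""
    return [secrets.choice(words) for _ in range(count)]

def fewest_words(password, words):
    """Word-break DP: smallest number of list words that spell `password`, else None."""
    best = [0] + [None] * len(password)
    for end in range(1, len(password) + 1):
        for w in words:
            start = end - len(w)
            if start < 0 or best[start] is None or password[start:end] != w:
                continue
            if best[end] is None or best[start] + 1 < best[end]:
                best[end] = best[start] + 1
    return best[-1]

def entropy_bits(password, words, list_size=LIST_SIZE):
    """Return (char_bits, word_bits) for two attacker models.

    char_bits: brute force over lowercase letters, what many checkers report.
    word_bits: attacker knows the method and the list; valid only if every
               word was chosen at random. None if the password is not made
               of list words.
    """
    char_bits = len(password) * math.log2(26)
    k = fewest_words(password, words)
    word_bits = None if k is None else k * math.log2(list_size)
    return char_bits, word_bits

def years_to_exhaust(bits, guesses_per_second):
    """Years to try every candidate at an assumed guess rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    char_bits, word_bits = entropy_bits("correcthorsebatterystaple", SAMPLE_WORDS)
    print(f"character model: {char_bits:.1f} bits, word model: {word_bits:.1f} bits")
    print("fresh passphrase:", " ".join(roll_passphrase(SAMPLE_WORDS, 5)))
```

The word-model figure describes the random selection process, not a particular string, so it applies only to a passphrase that was actually rolled and has not been published.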

  5. #5
    Platinum Lounger
    Adding capitalisation, numbers and punctuation bounces the result out nicely and it's no harder to remember (I changed the last word to keep the length the same).
    c0rrecthorse.batterystraP
    Massive Cracking Array Scenario = 89.14 trillion trillion centuries

    cheers, Paul

  6. #6
    4 Star Lounger access-mdb's Avatar
    Trouble is that some sites won't accept passwords with full stops and similar, and other sites limit the password length (but don't always tell you!). I have one site which uses a PIN - four numbers!

  7. #7
    Platinum Lounger
    Any site that limits your password choices to less than 16 characters and only numbers and letters should be taken out and shot.

    cheers, Paul
