How do you solve a problem like WJR? :-)

On Thu, Feb 10, 2011 at 4:07 PM, William Robbins <[email protected]> wrote:
> I got the idea for song lyrics that way. Place I did some side work for
> had the admin password as ThaawTsoM! (The hills are alive with The sound of
> Music!) ((Hopefully I didn't just put that in folks' heads! ;) ))
>
> - WJR
>
> On Thu, Feb 10, 2011 at 15:05, MMF <[email protected]> wrote:
>
>> How about a nursery rhyme but use the first letter of each word.
>> Example: Hickory Dickory Dock The Mouse Ran Up The Clock would be:
>> hddtmrutc.
>>
>> Murray
>>
>> ------------------------------
>> *From:* William Robbins [mailto:[email protected]]
>> *Sent:* Thursday, February 10, 2011 12:52 PM
>> *To:* NT System Admin Issues
>> *Subject:* Re: IPhone attack reveals passwords in six minutes
>>
>> +1 I use song lyrics also.
>>
>> - WJR
>>
>> On Thu, Feb 10, 2011 at 12:49, David Lum <[email protected]> wrote:
>>
>>> One method is to take acronyms from your favorite hobby and string
>>> them together. Example: NetBEUI CPU is 45GHz 14Kbps
>>>
>>> NetBEUICPUis45GHz14Kbps. 25 characters, upper and lower case and I’m
>>> going to guess random enough. Surely acronyms are different when it comes
>>> to a dictionary attack? Need to change it? Flip the order of the acronyms.
>>>
>>> Personally I use a passphrase with correct punctuation – it gives upper
>>> case, lower case, and special character. This becomes frustrating when you
>>> go to a website that gives you something dumb like 12-character maximum, in
>>> which case use the hobby acronyms.
>>>
>>> My $0.02
>>>
>>> Dave
>>>
>>> *From:* Don Ely [mailto:[email protected]]
>>> *Sent:* Thursday, February 10, 2011 10:29 AM
>>> *To:* NT System Admin Issues
>>> *Subject:* Re: IPhone attack reveals passwords in six minutes
>>>
>>> I must not be human... Most of my high security accounts have passwords
>>> of 20+ random characters and I have them memorized...
>>>
>>> On Thu, Feb 10, 2011 at 10:25 AM, Ben Scott <[email protected]> wrote:
>>>
>>> On Thu, Feb 10, 2011 at 12:31 PM, Matthew W. Ross
>>> <[email protected]> wrote:
>>> >> If data is encrypted with strong crypto, and that crypto's secret
>>> >> key is not stored on the device, then that data can generally be
>>> >> considered safe even if the device is stolen.
>>> >>
>>> >> In English, that means if the security depends on a strong password
>>> >> the user must enter (and not on some magic the manufacturer has
>>> >> "hidden" inside the device), the password-protected data is safe.
>>> >
>>> > ... Isn't that only partially true? I mean, if the encrypted data is stolen,
>>> > isn't it reasonable to believe it can be cracked given enough time/cpu power?
>>>
>>> You're basically correct.
>>>
>>> Given good algorithms and implementations, the strength of your
>>> security depends on the strength of the key. If the password is an
>>> English word, then yah, it's going to be straightforward to crack in
>>> minutes or hours with a dictionary attack. If it's a combination of
>>> words and other characters, it's harder, but still within reason for
>>> days, weeks, or months. Once you go to truly random characters, it's
>>> dependent on the length. But even 10 characters might be crackable in
>>> several years given commercially available technology. (I'm not up on
>>> current predictions, so numbers may be off for times.)
>>>
>>> A truly random 256-bit symmetric key could theoretically be cracked
>>> given enough time, but time to brute-force (given known technology) is
>>> generally given in billions of years. It has been theorized that new
>>> technology (especially "quantum computing") could drastically cut into
>>> that, but it remains to be seen if such things are actually possible
>>> or not.
>>>
>>> But 256 bits is a lot. Printable ASCII is roughly 96 characters.
>>> That fits in roughly six and a half bits. So your passcode would need
>>> to be around 40 characters long, and *completely* random (no words or
>>> patterns), for it to be in that neighborhood. It's not realistic to
>>> expect humans to do that.
>>>
>>> -- Ben
>>>
>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>>>
>>> ---
>>> To manage subscriptions click here:
>>> http://lyris.sunbelt-software.com/read/my_forums/
>>> or send an email to [email protected]
>>> with the body: unsubscribe ntsysadmin
>>>
>> ------------------------------
>>
>> No virus found in this message.
>> Checked by AVG - www.avg.com
>> Version: 10.0.1204 / Virus Database: 1435/3434 - Release Date: 02/10/11
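
The key-space arithmetic from Ben Scott's message (about 6.5 bits per printable-ASCII character, so roughly 40 random characters for 256 bits), worked through as an added example that is not part of the original thread and applied to the sample passwords quoted in it. The per-class alphabet estimate and the guess rate `ASSUMED_RATE` are assumptions; the bit counts are ceilings that only a uniformly random password reaches, so the mnemonic schemes score lower in practice.

```python
import math
import string

# Character classes of printable ASCII (26 + 26 + 10 + 33 = 95 symbols;
# the thread rounds this to "roughly 96").
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")

def alphabet_size(password: str) -> int:
    """Sum of the sizes of the ASCII classes the password draws from.
    Characters outside printable ASCII are ignored in this estimate."""
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))

def upper_bound_bits(password: str) -> float:
    """Entropy ceiling: length * log2(alphabet). Only reached if every
    character was chosen uniformly at random; mnemonics fall below it."""
    size = alphabet_size(password)
    return len(password) * math.log2(size) if size else 0.0

def chars_needed(target_bits: int, alphabet: int) -> int:
    """Random characters required to reach target_bits of key space."""
    return math.ceil(target_bits / math.log2(alphabet))

def avg_seconds_to_search(bits: float, guesses_per_sec: float) -> float:
    """Expected exhaustive-search time: half the key space on average."""
    return 2.0 ** bits / 2 / guesses_per_sec

ASSUMED_RATE = 1e12  # guesses per second; constructed figure, not a benchmark
SECONDS_PER_YEAR = 365.25 * 86400

if __name__ == "__main__":
    print("chars for 256 bits at 96 symbols:", chars_needed(256, 96))
    # Sample passwords are the ones quoted in the thread above.
    for pw in ("hddtmrutc", "ThaawTsoM!", "NetBEUICPUis45GHz14Kbps"):
        bits = upper_bound_bits(pw)
        secs = avg_seconds_to_search(bits, ASSUMED_RATE)
        print(f"{pw!r}: <= {bits:.1f} bits, "
              f"<= {secs / SECONDS_PER_YEAR:.3g} years at assumed rate")
```
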
