...or disable the account after n consecutive login failures. Pretty standard stuff. IMHO the article is more hype than not.
/ravi
Ravi Bhavnani wrote: disable the account after n consecutive login failures
That causes too much trouble.
Right. But some systems also offer a security policy to auto-reenable disabled accounts after m units of time have elapsed since the last perceived dictionary attack.
/ravi
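The policy Ravi describes (lock after n consecutive failures, re-enable automatically once m units of time have passed since the last failed attempt), as an added Python example written for this thread rather than code from any product mentioned in it. The class and method names (LockoutPolicy, ManualClock, attempt) are invented for the demo; the clock is injectable so the quiet period can be advanced without sleeping.

```python
"""Account lockout after n consecutive failures, auto-reenabled after a quiet period.

Added example for this thread, not code from any system mentioned in it.
All names here (LockoutPolicy, ManualClock, ...) are invented for the demo.
"""
import time
from dataclasses import dataclass, field
from typing import Callable, Dict


class ManualClock:
    """Clock whose time only moves when told to; lets the demo run without sleeping."""
    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now


@dataclass
class _AccountState:
    failures: int = 0          # consecutive failed attempts since the last success
    last_failure: float = 0.0  # clock reading of the most recent failed attempt


@dataclass
class LockoutPolicy:
    max_failures: int = 5               # n: lock once this many consecutive failures occur
    lockout_seconds: float = 15 * 60    # m: re-enable after this much time with no failures
    clock: Callable[[], float] = time.monotonic
    _accounts: Dict[str, _AccountState] = field(default_factory=dict)

    def _state(self, user: str) -> _AccountState:
        return self._accounts.setdefault(user, _AccountState())

    def is_locked(self, user: str) -> bool:
        st = self._state(user)
        if st.failures < self.max_failures:
            return False
        # Auto-reenable: the lock lifts once lockout_seconds have elapsed since
        # the last failed attempt. Because every failure restarts that timer,
        # an attacker who keeps guessing keeps the real user locked out; that
        # is the denial-of-service side effect the thread objects to.
        if self.clock() - st.last_failure >= self.lockout_seconds:
            st.failures = 0
            return False
        return True

    def _note_failure(self, st: _AccountState) -> None:
        st.failures += 1
        st.last_failure = self.clock()

    def attempt(self, user: str, password: str, verify: Callable[[str], bool]) -> bool:
        """Return True only if the account is not locked and verify(password) succeeds.

        verify() is the caller's credential check (e.g. a password-hash compare).
        It is deliberately not called while locked, so the correct password gives
        the same answer as a wrong one until the quiet period has passed.
        """
        st = self._state(user)
        if self.is_locked(user):
            self._note_failure(st)   # still counts: restarts the re-enable timer
            return False
        if verify(password):
            st.failures = 0
            return True
        self._note_failure(st)
        return False


if __name__ == "__main__":
    clock = ManualClock()
    policy = LockoutPolicy(max_failures=3, lockout_seconds=60, clock=clock)
    check = lambda pw: pw == "correct horse battery staple"   # constructed credential
    for _ in range(3):
        policy.attempt("alice", "wrong", check)
    print("locked after 3 failures:", policy.is_locked("alice"))   # True
    clock.now = 61
    print("locked a minute later:", policy.is_locked("alice"))     # False
    print("login now:", policy.attempt("alice", "correct horse battery staple", check))  # True
```

Note the trade-off visible in is_locked: a guessing attacker who never stops keeps restarting the timer, so a per-account lock is also a per-account denial of service. Real deployments usually pair it with per-source-IP throttling or a CAPTCHA rather than relying on the account lock alone.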
That works for stuff like websites, but what about something like an encrypted file? There's not much you can do to prevent a brute force attack on those.
You're absolutely correct. 5+. I was thinking of service-oriented apps.
/ravi
lewax00 wrote: an encrypted file
And encrypt at least twice.
The link says that using a bigger alphabet is more secure, but this is just plain wrong.
It is better to increase the number of characters, even if they are simple (lowercase letters).
Simple math: say 'k' is the size of your alphabet and 'n' is the size of your password. Then there are k^n possibilities. Increasing n is much more valuable than increasing k. Just try it out:
f = @(n,k) k^n;
f(6,40) = 4.0960e+09
f(6,41) = 4.7501e+09
f(7,40) = 1.6384e+11
f(10,60) = 6.0466e+17
f(10,61) = 7.1334e+17
f(11,60) = 3.6280e+19
f(20,60) = 3.6562e+35
f(20,61) = 5.0886e+35
f(21,60) = 2.1937e+37
As you see, increasing the first parameter (length) makes, like, 100 times more possibilities, while adding one more symbol is like not even doubling.
So a good password is a passphrase: take 3-5 random (and easy to remember) words and stick them together.
The idea to use passphrases came from http://xkcd.com/936/
Kevin Drzycimski wrote: it is better to increase the number of characters
Yes, that's true too.
Text from Gibson Research: https://www.grc.com/haystack.htm
"...
Which of the following two passwords is stronger,
more secure, and more difficult to crack?
D0g.....................
PrXyc.N(n4k77#L!eVdAfp9
You probably know this is a trick question, but the answer is: Despite the fact that the first password is HUGELY easier to use and more memorable, it is also the stronger of the two! In fact, since it is one character longer and contains uppercase, lowercase, a number and special characters, that first password would take an attacker approximately 95 times longer to find by searching than the second impossible-to-remember-or-type password!..."
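The arithmetic behind both Kevin's k^n table and the GRC quote above, as an added Python example written for this thread (not code from the thread, from GRC, or from xkcd). It models the attacker as an exhaustive search over every string of the password's length drawn from the character classes the password uses, which is the k^n model; GRC's haystack page additionally sums the shorter lengths, which shifts totals by a few percent without changing the conclusion. The 95-character alphabet, the 1e14 guesses/second rate, and the GUID-shaped sample string are assumptions labelled in the code.

```python
"""Search-space arithmetic for the length-vs-alphabet argument.

Added example for this thread; not code from the thread, from GRC, or from xkcd.
Model (an assumption): the attacker brute-forces every string of exactly the
password's length over the union of the character classes the password uses,
i.e. k**n as in the k^n argument above. GRC's haystack page also sums the shorter
lengths, which changes the totals by a few percent but not the conclusions.
Wordlist and rule-based attacks are not modelled, so every number here is an
upper bound on attacker effort, never an expected crack time.
"""
import math
import string

# Character classes; a brute-forcer must include a whole class once one
# member is present. 26 + 26 + 10 + 33 = 95 printable ASCII characters.
CLASSES = (
    ("lower", frozenset(string.ascii_lowercase)),
    ("upper", frozenset(string.ascii_uppercase)),
    ("digit", frozenset(string.digits)),
    ("symbol", frozenset(string.punctuation) | {" "}),
)

SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 3600


def combinations(n: int, k: int) -> int:
    """Kevin's f(n,k) = k^n: n characters from an alphabet of size k."""
    return k ** n


def alphabet_size(password: str) -> int:
    """Size of the smallest class union covering every character in the password."""
    return sum(len(chars) for _, chars in CLASSES if any(c in chars for c in password))


def search_space(password: str) -> int:
    return combinations(len(password), alphabet_size(password))


def passphrase_space(words: int, dictionary_size: int) -> int:
    """xkcd-style passphrase: each word chosen uniformly from a dictionary."""
    return dictionary_size ** words


def bits(space: int) -> float:
    return math.log2(space)


def centuries_to_exhaust(space: int, guesses_per_second: float = 1e14) -> float:
    """Time to try the whole space at GRC's 'massive cracking array' rate (assumed 1e14/s)."""
    return space / guesses_per_second / SECONDS_PER_CENTURY


# Worked inputs: the two GRC passwords quoted in the thread, and a constructed,
# lowercase GUID-shaped string standing in for the cat's password (not a real account).
GRC_EASY = "D0g" + "." * 21                 # 24 chars, all four classes
GRC_HARD = "PrXyc.N(n4k77#L!eVdAfp9"        # 23 chars, all four classes
GUID_LIKE = "3f2504e0-4f89-11d3-9a0c-0305e82c3301"   # constructed sample

if __name__ == "__main__":
    for n, k in [(6, 40), (6, 41), (7, 40)]:
        print(f"f({n},{k}) = {combinations(n, k):.4e}")
    print("D0g vs PrXyc ratio:", search_space(GRC_EASY) // search_space(GRC_HARD))   # 95
    print("4 words of 2048:", bits(passphrase_space(4, 2048)), "bits")              # 44.0
    print("GUID-shaped, centuries at 1e14/s:", f"{centuries_to_exhaust(search_space(GUID_LIKE)):.2e}")
```

Under this model the 24-character "D0g" password is exactly 95 times larger a space than the 23-character one, which is where GRC's "95 times longer" comes from: one extra character multiplies by k, whereas one extra symbol in the alphabet only multiplies by ((k+1)/k)^n. The same functions reproduce Kevin's f(6,40) = 4.096e9 and show that four words drawn uniformly from a 2048-word list give 44 bits, the xkcd figure; the model says nothing about a password built from a name found on Facebook, which is the point the later posts make about heuristics.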
It occurred to me that an organization could have a system constantly trying to break everyone's passwords -- anyone whose password is broken gets some sort of punishment (along with having to change the password).
A slap in the face from your superior!!!! That would be funny!!!!!!!!
Now, that is a good question.
My cat has a Codeproject account, and as is my norm these days, his password is a Guid. (Because I can paste it from my encrypted password store on the PC)
How long to break it?
Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second) 5.10 million trillion trillion trillion centuries
My password is not a Guid (because I have to enter it from the keyboard on my phone occasionally)
How long to break it?
Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second) 0.000202 seconds
Maybe I should find a way to remember Guids?
Ideological Purity is no substitute for being able to stick your thumb down a pipe to stop the water
But it's the policy that matters, not the actual password. You and your cat both have passwords within the same policy (CP's policy) so an attacker has exactly the same difficulty in breaking either.
OriginalGriff wrote: My cat has a Codeproject account
I have wondered about this for some time, and I want to know WHY?
I am sure it is a LOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOONG Story!
public class SysAdmin : Employee
{
public override void DoWork(IWorkItem workItem)
{
if (workItem.User.Type == UserType.NoLearn){
throw new NoIWillNotFixYourComputerException(new Luser(workItem.User));
}else{
base.DoWork(workItem);
}
}
}
There is no truly secure password that will remain as such "until you die".
Sure, "brute force" will take 11.15 thousand trillion trillion centuries to figure out the password AStup1dL0usyP#ssw_rd, but that's if the computer doesn't have any heuristics.
Yes, most password systems nowadays have a 3 or 5 try limit.
A majority of people associate their password with things related to them. Google a person's name and/or find them on Facebook and you'll learn the things associated to them. There's one starting point heuristics will gain a trillion trillion centuries on alone.
Plant a keylogger virus on a system and you're only gonna wait a day or two, if that, for a password.
In all, passwords can be and are cracked 100% of the time.
Yes, certainly changing the password often and of "randomness" is a good deterrent.
And, no, I don't use the password AStup1dL0usyP#ssw_rd. I'm smarter than that. I use A$martP#55w_rd2Guess.
The best way to improve Windows is run it on a Mac.
The best way to bring a Mac to its knees is to run Windows on it.
~ my brother Jeff
Never Ever underestimate the user stupidity!!!!
As Foursquare co-founder Dennis Crowley implied to the New York Times, and more directly related to TechCrunch, the path to selling ads and services against reviews and user recommendations is a lot smoother than that of eventually charging users for a game they feel they can leave and not really sweat too much. [ITworld]
I do hope you realise I am being facetious here. However, there is a grain of truth in every joke. I have seen instances of this type of behaviour and have been guilty of engaging in some of it myself from time to time – you probably have as well. Rockstars and ninjas need not apply.
Very amusing.
"If you think it's expensive to hire a professional to do the job, wait until you hire an amateur." Red Adair.
nils illegitimus carborundum
me, me, me
What if you'd just like to play around creating logic circuits? Or maybe use a program to help you learn how to design them? Oh yeah, and where the source for that program was available too? This app is cool: true or false?
So freaking true.
Every now and then say, "What the Elephant." "What the Elephant" gives you freedom. Freedom brings opportunity. Opportunity makes your future.
I've been wanting a program like that to fiddle with for a while...thanks! (sure I could use an HDL, but it's not quite the same...)
I have used it before, and I can say that it is an AWESOME application!!!
I would recommend downloading it!
If you haven’t noticed already: Windows Azure Websites makes Windows Azure a lot easier. After a couple of seconds, Git publishing is configured and all it takes to deploy your website is commit your source code, whether ASP.NET, ASP.NET Webpages or PHP to the newly created Git repository. Windows Azure Websites will take care of the build process (cool!) and will deploy this to Windows Azure in just a couple of seconds. Partly cloudy with a chance of easy deployment.
Though coder Jeff Atwood thinks coding isn’t for non-computer geeks, we can think of a lot of reasons normals should learn computer language. Wrong. With the help of an angry comment thread on Hacker News, we can think of at least five ways someone who has no professional programming ambitions might want to learn a little bit about the way the machines we use every single day, some of us all day, work. A hack a day keeps the Geek Squad away.