Discussion:
Can someone explain why I need "hard" passwords?
Nomen Nescio
2014-04-26 03:40:11 UTC
In article <***@anonymitaet-im-
inter.net>
With so many sites being hacked and giving away the passwords of their
users, why should I drive myself bonkers creating a "secure" password
that I might forget? If I create a password such as All My Cows Love
Pizza, do you really think one of my friends or co-workers is going to
guess that? As for a hacker cracking it, I am only one of millions on
the Web/Usenet. Chances are I won't come to the attention of any one
of them. Why bother screwing with me when they can screw with some
site that will give them thousands or millions of passwords? I think
more people have forgotten passwords like z207$/SJu3 or zH3,&nIOnz and
locked themselves out of their own systems than were hacked by
hackers.
I think All My Cows Love Pizza is sufficient
?
Unnecessary really.

A password is only as secure as the environment that originates,
transmits, stores and "protects" it.

I can have your Windows, MAC or Unix passwords regardless of
complexity in a couple of minutes once I get access to certain
files. There are ways to make this more difficult, and a smart
administrator will, but eventually even those measures will be
defeated.

Should you give up and use password123 for everything?
Absolutely not. A complex password makes it more difficult for
an unskilled attacker, and increases the odds that they will be
discovered before they can make off with the goods.

If you've ever been visited by a skilled "hacker" as the
unlearned and unclean call them, you'll never know it anyway.

Fortunately there are more white hats than there are black ones,
but those in black are formidable and should never be casually
dismissed.
William Unruh
2014-04-26 03:54:48 UTC
Post by Nomen Nescio
inter.net>
With so many sites being hacked and giving away the passwords of their
users, why should I drive myself bonkers creating a "secure" password
that I might forget? If I create a password such as All My Cows Love
Pizza, do you really think one of my friends or co-workers is going to
guess that? As for a hacker cracking it, I am only one of millions on
the Web/Usenet. Chances are I won't come to the attention of any one
of them. Why bother screwing with me when they can screw with some
site that will give them thousands or millions of passwords? I think
more people have forgotten passwords like z207$/SJu3 or zH3,&nIOnz and
locked themselves out of their own systems than were hacked by
hackers.
I think All My Cows Love Pizza is sufficient
Actually that is a pretty tough password to crack. Probably much harder than an 8
random character password. See the XKCD comic on passwords. Length helps
a lot. Your password is 23 characters, and at 2 bits per character, that
is about 50 bits. Your others at about 6 bits per character are again
about the same strength.

And on the next site you could use
All My Pizzas love Cows.
Post by Nomen Nescio
?
Unnecessary really.
A password is only as secure as the environment that originates,
transmits, stores and "protects" it.
I can have your Windows, MAC or Unix passwords regardless of
complexity in a couple of minutes once I get access to certain
files. There are ways to make this more difficult, and a smart
administrator will, but eventually even those measures will be
defeated.
Which files do you mean on Unix? Even the shadow file is pretty useless
(the passwords are hashed). I guess you could subvert the login
program.
Post by Nomen Nescio
Should you give up and use password123 for everything?
Absolutely not. A complex password makes it more difficult for
an unskilled attacker, and increases the odds that they will be
discovered before they can make off with the goods.
If you've ever been visited by a skilled "hacker" as the
unlearned and unclean call them, you'll never know it anyway.
Fortunately there are more white hats than there are black ones,
but those in black are formidable and should never be casually
dismissed.
Anonymous
2014-04-26 04:52:29 UTC
Post by William Unruh
Actually that is a pretty tough password to crack. Probably much harder than an 8
random character password. See the XKCD comic on passwords. Length helps
a lot. Your password is 23 characters, and at 2 bits per character, that
is about 50 bits. Your others at about 6 bits per character are again
about the same strength.
And on the next site you could use
All My Pizzas love Cows.
Post by Nomen Nescio
?
Unnecessary really.
A password is only as secure as the environment that originates,
transmits, stores and "protects" it.
I can have your Windows, MAC or Unix passwords regardless of
complexity in a couple of minutes once I get access to certain
files. There are ways to make this more difficult, and a smart
administrator will, but eventually even those measures will be
defeated.
Which files do you mean on Unix? Even the shadow file is pretty useless
(the passwords are hashed). I guess you could subvert the login
program.
Don't put blind faith in the one way hash.

That's all I will say.

~WH
William Unruh
2014-04-26 08:06:25 UTC
["Followup-To:" header set to comp.security.misc.]
Post by Anonymous
Post by William Unruh
Actually that is a pretty tough password to crack. Probably much harder than an 8
random character password. See the XKCD comic on passwords. Length helps
a lot. Your password is 23 characters, and at 2 bits per character, that
is about 50 bits. Your others at about 6 bits per character are again
about the same strength.
And on the next site you could use
All My Pizzas love Cows.
Post by Nomen Nescio
?
Unnecessary really.
A password is only as secure as the environment that originates,
transmits, stores and "protects" it.
I can have your Windows, MAC or Unix passwords regardless of
complexity in a couple of minutes once I get access to certain
files. There are ways to make this more difficult, and a smart
administrator will, but eventually even those measures will be
defeated.
Which files do you mean on Unix? Even the shadow file is pretty useless
(the passwords are hashed). I guess you could subvert the login
program.
Don't put blind faith in the one way hash.
I don't put blind faith in it. I put open-eyed faith in it :-)
You are insinuating something here that I do not believe you can back
up, other than FUD.
Post by Anonymous
That's all I will say.
~WH
Jim
2014-04-28 17:41:27 UTC
On Sat, 26 Apr 2014 03:54:48 +0000 (UTC), William Unruh
Post by William Unruh
Post by Nomen Nescio
inter.net>
With so many sites being hacked and giving away the passwords of their
users, why should I drive myself bonkers creating a "secure" password
that I might forget? If I create a password such as All My Cows Love
Pizza, do you really think one of my friends or co-workers is going to
guess that? As for a hacker cracking it, I am only one of millions on
the Web/Usenet. Chances are I won't come to the attention of any one
of them. Why bother screwing with me when they can screw with some
site that will give them thousands or millions of passwords? I think
more people have forgotten passwords like z207$/SJu3 or zH3,&nIOnz and
locked themselves out of their own systems than were hacked by
hackers.
I think All My Cows Love Pizza is sufficient
Actually that is a pretty tough password to crack. Probably much harder than an 8
random character password. See the XKCD comic on passwords. Length helps
a lot. Your password is 23 characters, and at 2 bits per character, that
is about 50 bits. Your others at about 6 bits per character are again
about the same strength.
Unfortunately each group of letters it contains
are in the dictionary, making it a doddle to break,
probably in less than a minute.
--
:: Jim,

NHS Health Database Sale Opt-out form:

http://www.thebigoptout.com/opt-out-letter/
William Unruh
2014-04-28 19:17:46 UTC
Post by Jim
On Sat, 26 Apr 2014 03:54:48 +0000 (UTC), William Unruh
Post by William Unruh
Post by Nomen Nescio
inter.net>
With so many sites being hacked and giving away the passwords of their
users, why should I drive myself bonkers creating a "secure" password
that I might forget? If I create a password such as All My Cows Love
Pizza, do you really think one of my friends or co-workers is going to
guess that? As for a hacker cracking it, I am only one of millions on
the Web/Usenet. Chances are I won't come to the attention of any one
of them. Why bother screwing with me when they can screw with some
site that will give them thousands or millions of passwords? I think
more people have forgotten passwords like z207$/SJu3 or zH3,&nIOnz and
locked themselves out of their own systems than were hacked by
hackers.
I think All My Cows Love Pizza is sufficient
Actually that is a pretty tough password to crack. Probably much harder than an 8
random character password. See the XKCD comic on passwords. Length helps
a lot. Your password is 23 characters, and at 2 bits per character, that
is about 50 bits. Your others at about 6 bits per character are again
about the same strength.
Unfortunately each group of letters it contains
are in the dictionary, making it a doddle to break,
probably in less than a minute.
Actually no. There are say 2000 words in your dictionary. That is 5
words. That is 2000^5= 10^16 = 50 bits of strength. That is hardly a
doddle. It is doable, if you happen to know how the password is made.

But 50 bits is almost certainly more than sufficient for general
passwords. If you have really top secret or important stuff to protect,
then a few more bits would be more comfortable.
Note that his "impossible to remember" passwords only have about 60^10
combinations, or again about 10^18=2^56 bits-- very comparable.
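
Added example, not part of any post in this thread: the keyspace comparison discussed above (words drawn from a dictionary versus random characters), computed with exact logarithms and turned into an average search time. The guess rates, the sample word list and all function names are assumptions made for illustration, and the estimate assumes the attacker knows how the password was generated.

```python
import math
import secrets

def keyspace_bits(symbols: int, length: int) -> float:
    """Bits of entropy when each of `length` positions is chosen uniformly
    at random from `symbols` possibilities (words or characters)."""
    return length * math.log2(symbols)

def units_needed(symbols: int, target_bits: float) -> int:
    """Smallest number of random picks from `symbols` reaching target_bits."""
    return math.ceil(target_bits / math.log2(symbols))

def average_years(bits: float, guesses_per_second: float) -> float:
    """Expected time to hit the secret: half the keyspace at the given rate."""
    return 2 ** (bits - 1) / guesses_per_second / (365.25 * 24 * 3600)

def generate_passphrase(wordlist, n_words: int) -> str:
    """Pick words with a CSPRNG; the entropy estimate only holds for uniform,
    independent choices, not for a sentence a person made up."""
    words = sorted(set(wordlist))
    return " ".join(secrets.choice(words).capitalize() for _ in range(n_words))

# Constructed sample list (tiny, for demonstration only; a real list would
# have thousands of entries, such as the 2000 assumed in the thread).
SAMPLE_WORDS = ["all", "my", "cows", "love", "pizza", "river", "lamp", "green"]

# Assumed guess rates, not measurements: a fast unsalted hash on dedicated
# hardware versus a deliberately slow password hash.
RATES = {"fast hash (assumed 1e10/s)": 1e10, "slow hash (assumed 1e4/s)": 1e4}

def report():
    schemes = {
        "5 words from a 2000-word list": keyspace_bits(2000, 5),
        "10 chars from a 60-char set": keyspace_bits(60, 10),
    }
    lines = []
    for name, bits in schemes.items():
        for rate_name, rate in RATES.items():
            lines.append(f"{name}: {bits:.1f} bits, "
                         f"~{average_years(bits, rate):.3g} years at {rate_name}")
    return lines

if __name__ == "__main__":
    print("\n".join(report()))
    print("example:", generate_passphrase(SAMPLE_WORDS, 5))
```

The same keyspace takes a million times longer to search at the slower assumed rate, which is why the storage side (how the site hashes the password) matters as much as the password itself.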